Fighting an Uneven Battle: Simplicity versus Complexity in Web App Security, presented at OWASP New Zealand Day 2020

by Sergey Ozernikov

Summary: The more complex a system is, the harder it is to secure. This is one of the fundamental security principles. But how does that relate to the world of web applications? Economy of scale, modern frameworks, multiple levels of abstraction and the proliferation of high-level programming languages make our lives simpler. But do they make them more secure? What design choices streamline development while also maintaining security? How do you peek under a shiny disguise and make your own judgement about the security of a product or framework? In this talk we’ll explore these questions and the decision-making process when designing web solutions from both engineering and security perspectives. Add a sprinkle of DevOps and Cloud into the bowl and we’re in for a crazy ride towards the world of the unknown.