Exploiting Local Dev Environments

When developing locally, we often loosen the security of our local environment to make testing/debugging easier. However, what if others on the public internet could easily access this environment? Further, what if your local environment could be leveraged to steal production data?

In this talk, we’ll sit at the security “intersection” of Developers and DevOps Engineers, and witness how local dev environments can interact with our infrastructure in unintended ways.

Additionally, we’ll explore this topic through a realistic example that includes the following:

  1. BeEF (Browser Exploitation Framework)
  2. Cross-Site Scripting (XSS)
  3. Same Origin Policy (SOP)
  4. Cross-Origin Resource Sharing (CORS)
  5. Elasticsearch

Session Information

June 7, 2018 at 10:30 am