AppSec Europe 2016

MEAN is a free and open-source JavaScript software stack for building dynamic web sites and web applications and has gained momentum in the last years: 
- MongoDB, a NoSQL database 
- Express.js, a web application framework that runs on Node.js 
- Angular.js, a JavaScript MVC framework that runs in browser JavaScript engines developed by Google 
- Node.js, an execution environment for event-driven server-side and networking applications 
Every developer has heard of it and many organisations are moving their production applications to MEAN stack. 

This one day training will teach you how web application vulnerabilities change in the MEAN stack. We are going to explore these technologies and talk about the main issues you can encounter while either assessing or writing MEAN applications: 
1) Security Fundamentals and Implications of using MongoDB, Express.js Angular.js and Node.js 
2) OWASP Top 10 in MEAN 
3) Typical exploitation of MEAN and how to stop these attacks 
- NoSQL injections 
- Server-side JavaScript injections 

This course will be 50% hands-on using: 
- Secure Code Warrior (https://www.securecodewarrior.com), a platform where software developers use hands-on learning to build secure-coding skills and are benchmarked versus their peers. A month full access to the SCW platform is included in the training. 
- OWASP NodeGoat (https://www.owasp.org/index.php/OWASP_Node_js_Goat_Project)