Diego Toharia deigote
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import org.slf4j.Logger | |
| import org.slf4j.LoggerFactory | |
| import ratpack.handling.Context | |
| import ratpack.handling.Handler | |
| import ratpack.http.client.HttpClient | |
| import ratpack.http.client.StreamedResponse | |
| import ratpack.http.MutableHeaders | |
| import ratpack.http.client.RequestSpec | |
| import static ratpack.groovy.Groovy.ratpack |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Demostraremos diferentes vectores de ataque que aprovechando una simple e "inofensiva" | |
| vulnerabilidad XSS nos permitirán acceder a la webcam del visitante, controlar su equipo | |
| o incluirlo en una botnet. | |
| Tras este "shock" inicial mostraremos las soluciones existentes y la forma de integrar | |
| la seguridad como un elemento más en el ciclo de desarrollo de aplicaciones web. | |
| Usaremos Grails como framework de ejemplo, aunque las ideas presentadas son aplicables a | |
| cualquier framework de desarrollo web. |