I’m sure you’ve heard these before: “It’s only the front-end.”, “Oh that would never actually happen!”, “If the hacker can do that, the user has already been popped.”.
But that’s complete rubbish! Hacking into a webapp can be as simple as setting an admin flag to true! Or getting all the login keys you need, directly from the HTML (and yes, I’ve done both of these). So often the devs assume the front end is safe and don’t think to authorise requests or limit the data sent via the internal API.
Securing the front end is just as important as the backend or the server.
And to prove it, I’m going to break into a Laravel application, live “on stage” using these front end vulnerabilities. We’ll test different front end frameworks, such as Livewire and Inertia/Vue, to see just how far we can get.
Remember to think like a hacker, so we can build secure apps on all levels.
About this talk
The length of the talk can vary from 30-60 minutes, depending on the timeslot. The contents is refreshed before each presentation to reflect new vulnerabilities and common weaknesses.