← All talks
Topic

Web AppSec talks at BSides

441 talks tagged Web AppSec from 88 chapters of BSides events worldwide.

Related topics
TechnicalTalkRedTechnical Deep-divesDemoCase Studies and Incidents Analysis
45:24
It's the Little Things
Ben Sadeghipour
BSides PDX · 2018
TechnicalWeb AppSecIntermediaryRedTechnical Deep-divesTalk
Open →2019-02
1:03:19
Bug Bounty on Steroids
Hussein Daher
BSides Ahmedabad · 2023
TechnicalVulnerability ResearchWeb AppSecIntermediaryRedTalk
Open →2023-02
25:00
Bug Bounty Recon The Right Way
Khalil A. Lemtaffah
BSides Budabest · 2022
TechnicalOSINTWeb AppSecIntermediaryRedTalk
Open →2023-06
22:47
Passive-ish Recon Techniques
Tom Hudson
BSides Leeds · 2018
TechnicalWeb AppSecIntermediaryRedTalk
Open →2018-02
33:53
The Power of Recon
Orwa Atyat
BSides Ahmedabad
TechnicalOSINTVulnerability ResearchWeb AppSecRedTalk
Open →2024-05
29:24
No More XSS: Deploying CSP with nonces and strict-dynamic
Devin Lundberg
BSidesSF · 2018
TechnicalWeb AppSecTalk
Open →2018-04
37:31
Art of VirusTotal Hacking
Orwa
BSides Ahmedabad · 2025
TechnicalWeb AppSecTalk
Open →2025-04
32:11
The Art of Authentication Bypass
Abdallah AL Mohameed
BSides Ahmedabad · 2025
TechnicalWeb AppSecRedTalk
Open →2025-04
30:26
Web security is fun (or how I stole your Google Drive files)
Lyra Rebane
BSides Tallinn · 2024
TechnicalVulnerability ResearchWeb AppSecTalk
Open →2024-10
32:41
Offensive Javascript Techniques for Red Teamers
Dylan AyreyChristian Frichot
BSidesSF · 2019
TechnicalWeb AppSecRedTalk
Open →2019-03
49:29
AutoRepeater: Automated HTTP Request Repeating With Burp Suite
Justin Moore
BSidesROC · 2018
TechnicalToolingWeb AppSecDemoTalk
Open →2018-04
57:48
Performing JavaScript Static Analysis by Lewis Ardern
Lewis Ardern
BSides Leeds · 2018
TechnicalWeb AppSecTalk
Open →2018-01
41:35
How to Write Your First Nuclei Template
Dhiyaneshwaran
BSides Ahmedabad
TechnicalVulnerability ResearchWeb AppSecTalk
Open →2023-02
31:58
Automating Web Application Bug Hunting
Jerry GamblinJonathan Cran
BSidesSF · 2019
TechnicalOSINTVulnerability ResearchWeb AppSecTalk
Open →2019-03
39:37
Committing CSS Crimes for fun and profit
Lyra Rebane
BSides Tallinn · 2025
TechnicalWeb AppSecTalk
Open →2025-10
48:32
DOM Based Angular Sandbox Escapes
Gareth Heyes
BSides Manchester · 2017
TechnicalVulnerability ResearchWeb AppSecAdvancedRedTechnical Deep-divesTalk
Open →2017-08
44:22
SWF Seeking Lazy Admin for Cross-Domain Action
Seth Art
BSides DC · 2014
TechnicalOWASPWeb AppSecTalk
Open →2014-10
45:31
Source Code Security Audit Speed Run
Eldar Marcussen
BSides Canberra · 2019
TechnicalVulnerability ResearchWeb AppSecTalk
Open →2019-05
25:25
Web Apps: APIs’ Nightmare
BSides Ahmedabad
TechnicalOWASPWeb AppSecIntroTalk
Open →2024-05
42:25
Client-Side to Critical
Satyam GothiKuldeep Pandya
BSides Ahmedabad · 2025
TechnicalVulnerability ResearchWeb AppSecRedTalk
Open →2025-05
44:04
Inside Magecart: Their Web Skimming Tactics Revealed
Terry Bishop
BSides London · 2019
TechnicalMalware AnalysisThreat IntelWeb AppSecIntermediaryTalk
Open →2019-06
15:37
Tale of Chaining Bugs for Account Takeover
Harsh Bothra
BSides Ahmedabad · 2022
TechnicalVulnerability ResearchWeb AppSecRedCase Studies and Incidents AnalysisTalk
Open →2023-02
5:44
Yassine Aboukir: Bug Bounty, Authentication Vulnerabilities, and Hacker Collaboration
Yassine Aboukir
BSides Ahmedabad · 2023
CareerVulnerability ResearchWeb AppSecRedTalk
Open →2023-02
1:42:10
Exploiting esoteric Android vulnerability
SharanSanjay
BSides Ahmedabad · 2021
TechnicalWeb AppSecIntermediaryRedWorkshop
Open →2022-04
47:45
John Heasman - Doing More in AppSec by Doing Less
John Heasman
BSides Knoxville
TechnicalThreat ModelingWeb AppSecBlueMethodologyTalk
Open →2024-09
1:05:00
You can't make web app security easy, but you can make it simple
Joseph McCray
BSides DC · 2015
TechnicalWeb AppSecTalk
Open →2015-12
38:30
OWASP Top 10 Like I'm Five: From A Bug Bounty Hunter's Perspective
Dávid Schütz
BSides Budabest · 2019
TechnicalOWASPWeb AppSecIntroTalk
Open →2019-06
42:33
Web Application Vulnerability Scanners: An Introduction & Discussion on Their Limitations
Robert Feeney
BSides Cape Town · 2019
TechnicalVulnerability ResearchWeb AppSecTalk
Open →2019-12
14:04
XS Leaks: Client Side Attacks In A Post XSS World
Zeyu Zayne Zhang
BSides London
TechnicalWeb AppSecTalk
Open →2024-02
41:19
Till REcollapse: fuzzing the web for mysterious bugs
André Baptista
BSides Lisbon · 2022
TechnicalWeb AppSecTalk
Open →2022-12
8:30
PHP Execute After Redirect to SQL Injection
Kuldeep Pandya
BSides Ahmedabad · 2022
TechnicalVulnerability ResearchWeb AppSecRedDemo
Open →2023-02
25:39
Journey to Command Injection: Hacking the Lenovo ix4-300d
Rick Ramgattie
BSidesSF · 2019
TechnicalHardware HackingVulnerability ResearchWeb AppSecIntermediaryRedDemo
Open →2019-03
6:51
Playing with Fake Emails for Fun and Profit
Sayaan Alam
BSides Ahmedabad · 2022
TechnicalVulnerability ResearchWeb AppSecRedCase Studies and Incidents AnalysisTalk
Open →2023-02
52:48
Navigating Bug Bounties: From NAs to P1s
Animesh Acharya
BSides Canberra · 2025
CareerVulnerability ResearchWeb AppSecRedCase Studies and Incidents AnalysisTalk
Open →2025-11
25:08
Behind Enemy Lines by Ido Rozen
Ido Rozen
BSides TLV · 2022
ResearchMalware AnalysisThreat IntelWeb AppSecTalk
Open →2022-07
23:35
AI Red Teaming for Artificial Dummies
Bryson Loughmiller
BSides SLC · 2025
TechnicalAI SecurityWeb AppSecRedTalk
Open →2025-06
42:23
Not All Vulnerabilities Are The Same
Shubham Shah
BSides Canberra · 2025
ResearchVulnerability ResearchWeb AppSecKeynote
Open →2025-12
42:09
BSidesSF 2021 - Offensive Javascript Techniques for Red Teamers (Dylan Ayrey • Christian Frichot)
Dylan AyreyChristian Frichot
BSidesSF · 2021
TechnicalWeb AppSecRedTalk
Open →2021-03
44:41
Malvertising: Under The Hood
Chris Boyd
BSides Manchester · 2017
TechnicalMalware AnalysisThreat IntelWeb AppSecTalk
Open →2017-08
41:32
The Dark Side of DeFi
Rudra SinghArbaz Hussain
BSides Ahmedabad · 2022
TechnicalSmart Contract SecurityVulnerability ResearchWeb AppSecIntermediaryTechnical Deep-divesTalk
Open →2023-02
26:03
Automated Security Scanning of GraphQL APIs with Burp
Jared Meit
BSides Toronto · 2022
TechnicalVulnerability ResearchWeb AppSecDemoTalk
Open →2022-10
55:12
Would I Even Be Here If It Wasn't for the Internet?
Ben Sadeghipour
BSides Knoxville · 2022
CommunityCareer & Soft SkillsWeb AppSecKeynote
Open →2022-05
24:37
A Less Known Attack Vector: Second Order IDOR Attacks
Ozgur Alp
BSides Athens · 2020
TechnicalOWASPWeb AppSecRedTalk
Open →2020-06
56:19
Content Security Policy — Lessons Learned at Yahoo
Binu Ramakrishnan
BSides DC · 2015
TechnicalWeb AppSecCase Studies and Incidents AnalysisTalk
Open →2015-11
51:14
Continuous Security Testing in a DevOps World
Stephen de Vries
BSides London · 2014
TechnicalDevSecOpsWeb AppSecDemoTalk
Open →2014-05
38:31
The Next Generation of Web Exploits: From Cache Poisoning to Multi-Layer Fingerprinting
Steve Sprecher
Bsides CT · 2025
TechnicalVulnerability ResearchWeb AppSecEmpirical ResearchTechnical Deep-divesTalk
Open →2025-12
19:06
Hacking a Hackathon for Fun and Profit
Alexei KojenovAlex Ivkin
BSides PDX · 2018
TechnicalSupply Chain SecurityVulnerability ResearchWeb AppSecRedCase Studies and Incidents AnalysisTalk
Open →2018-03
40:56
How to Hack OAuth
Aaron Parecki
BSides PDX · 2019
TechnicalWeb AppSecIntermediaryCase Studies and Incidents AnalysisTalk
Open →2019-11
41:34
Knock Knock. Race Condition. Who's There?
Ross Simpson
BSides Cape Town · 2025
TechnicalVulnerability ResearchWeb AppSecTalk
Open →2025-12
40:29
Fixing XSS with Content Security Policy
Ksenia Dmitrieva
BSides DC · 2015
TechnicalOWASPWeb AppSecTalk
Open →2015-12
23:20
Bye-Bye False Positives: Using AI to Improve Detection
Ivan Novikov
BSidesSF · 2019
TechnicalWeb AppSecBlueTalk
Open →2019-03
26:29
Finding & Exploiting Client-Side Prototype Pollution in the Wild
BSides Ahmedabad · 2021
TechnicalVulnerability ResearchWeb AppSecRedCase Studies and Incidents AnalysisMethodologyTalk
Open →2022-02
8:00:21
BSides Oslo 2025 — Live Stream
BSides Oslo 2025
TechnicalMalware AnalysisReverse EngineeringSocial EngineeringThreat IntelWeb AppSecIntermediaryRed+1
Open →2025-10
27:03
From Zero To SSRF To RCE And Back Again by Tom Cope
Tom Cope
BSides Basingstoke · 2022
TechnicalWeb AppSecTalk
Open →2022-07
33:04
CSRFT, A Toolkit for CSRF Vulnerabilities
Paul Amar
BSides London · 2014
TechnicalToolingWeb AppSecDemoTalk
Open →2014-05
28:25
Understanding IRSF Fraud: Protecting Against SMS Exploitation
Vien VanSenthil Sivasubramanian
BSidesSF · 2025
TechnicalDetection EngineeringThreat IntelWeb AppSecTalk
Open →2025-10
52:29
Payload Delivery Networks - Abusing CDNs to bypass WAF and DDoS protections
BSides Canberra · 2024
TechnicalWeb AppSecTalk
Open →2024-10
55:11
Mastering Bug Bounty: The Secrets of hunting bugs by Devansh Chauhan
Devansh Chauhan
BSides Noida · 2024
CareerVulnerability ResearchWeb AppSecIntroTalk
Open →2024-11
1:04:18
Java Serialization Attacks
Robert Seacord
BSides Peru · 2017
TechnicalVulnerability ResearchWeb AppSecTechnical Deep-divesTalk
Open →2017-07
39:36
Subdomain Takeovers
Simon Gurney
BSides Newcastle · 2022
TechnicalVulnerability ResearchWeb AppSecRedTalk
Open →2022-09
52:17
reNgine: An Automated Reconnaissance Framework
Yogesh Ojha
BSides Cyprus · 2021
TechnicalWeb AppSecRedDemo
Open →2022-06
3:30:16
BSides Noida : Day - 1
Fardeen AhmadSourav KumarKavisha ShethPhilippe Humeau
BSides Noida · 2021
TechnicalCloud IAMVulnerability ResearchWeb AppSecTalk
Open →2021-08
14:37
JWTs And Why They Suck
Rory M
BSides London · 2022
TechnicalCryptographyWeb AppSecTalk
Open →2022-01
52:25
SQL Injection — omówienie i prewencja w Django
Adam Wołk
BSides Warsaw · 2019
TechnicalWeb AppSecTalk
Open →2019-10
56:32
Static Code Analysis, from Source to Sink
Paul Johnston
BSides Manchester · 2015
TechnicalVulnerability ResearchWeb AppSecTalk
Open →2015-09
35:30
Hacking Companies For Internet Glory While Not Dying In A Sarlacc Pit
Andy Gill
BSides Leeds · 2019
TechnicalOSINTVulnerability ResearchWeb AppSecRedTalk
Open →2019-01
25:59
Using Common Attack Database and Intent Clustering to protect websites, mobile apps and APIs
Paulina Cakalli
BSides Prishtina
TechnicalWeb AppSecTalk
Open →2023-05
30:48
A Two-part Saga: Continuing the Journey of Hacking Malware C2s
Vangelis Stykas
BSides Prague · 2024
TechnicalMalware AnalysisVulnerability ResearchWeb AppSecRedCase Studies and Incidents AnalysisTechnical Deep-divesTalk
Open →2024-04
25:47
How to beat application DDoS attacks with CrowdSec & Cloudflare
Klaus Agnoletti
BSides Barcelona
TechnicalWeb AppSecTalk
Open →2022-01
27:11
Hacking with a Heads Up Display
David Scrobonia
BSidesSF · 2019
TechnicalToolingOWASPWeb AppSecTalk
Open →2019-03
22:50
BADPDF: Stealing Windows Credentials via PDF Files
Ido SolomonAdi Ikan
BSidesSF · 2019
TechnicalNetwork SecurityVulnerability ResearchWeb AppSecRedTechnical Deep-divesTalk
Open →2019-03
25:34
Attacking GraphQL: A Guide for Penetration Testers
Keith Makan
BSides Cape Town · 2025
TechnicalVulnerability ResearchWeb AppSecRedTalk
Open →2025-02
8:48:36
Build Hybrid Mobile Apps Like a Security Pro
VanitaVinnie
BSides Las Vegas · 2023
TechnicalMobile SecurityWeb AppSecTalk
Open →2023-08
46:32
Anyone Can Hack APIs: A Crash Course For Pentesters And Bug Bounty Hunters
Alex Olsen
BSides London · 2025
TechnicalVulnerability ResearchWeb AppSecRedTalk
Open →2026-03
41:38
Web Application Exploit 101: Breaking Access Control and Business Logic
Tomohisa Ishikawa
BSides Philly · 2017
TechnicalOWASPWeb AppSecRedTalk
Open →2017-08
25:06
BSidesSF 2020 - The Voight-Kampff Test for Discovering Vulnerabilities (Vanessa Sauter)
Vanessa Sauter
BSidesSF · 2020
TechnicalWeb AppSecTalk
Open →2020-03
55:50
Practical Serialization Attacks
Nicky Bloor
BSides Manchester · 2017
TechnicalReverse EngineeringVulnerability ResearchWeb AppSecAdvancedRedCase Studies and Incidents AnalysisTechnical Deep-dives+1
Open →2017-08
32:13
What We Can Learn from Google's Fight with Phishing
Neal Mueller
BSidesSF · 2018
ResearchWeb AppSecCase Studies and Incidents AnalysisEmpirical ResearchTalk
Open →2018-04
45:38
BSidesSF 2022 - JavaScript Obfuscation - It’s All About the P-a-c-k-e-r-s (Or Katz)
Or Katz
BSidesSF · 2022
TechnicalSupply Chain SecurityWeb AppSecTalk
Open →2022-07
41:29
The Art of Compromising C2 Servers
Vangelis Stykas
BSides Berlin · 2023
TechnicalMalware AnalysisReverse EngineeringWeb AppSecAdvancedRedTalk
Open →2024-01
53:01
Hidden Networks Pivoting: Redefining DNS Rebinding Attack
Tomer ZaitNimrod Levy
BSides Las Vegas · 2019
TechnicalNetwork SecurityVulnerability ResearchWeb AppSecAdvancedRedTalk
Open →2019-10
26:54
Introduction to OWASP Juice Shop
Tim Corless-Carter
BSides Manchester · 2019
TechnicalOWASPVulnerability ResearchWeb AppSecIntroRedDemo
Open →2019-09
14:18
EmailShell: A War Story On Leveraging Server Side Template Injection (SSTI) To Hack Into GCP
Phillip
BSides London · 2025
TechnicalVulnerability ResearchWeb AppSecRedCase Studies and Incidents AnalysisTalk
Open →2026-03
51:30
Security OAuth 2.0
Jonathon BrookfieldFraser Winterborn
BSides Leeds
TechnicalWeb AppSecTalk
Open →2018-01
28:33
Hook, Line, and Tinker: A Dive into Phishing Campaign Sites
Rick Ramgattie
BSidesSF · 2024
TechnicalOSINTThreat IntelWeb AppSecIntermediaryCase Studies and Incidents AnalysisTalk
Open →2024-07
31:37
Decoding GraphQL: How to Map Hidden Vulnerabilities
Antoine CarossioTristan Kalos
BSidesSF · 2025
TechnicalWeb AppSecTalk
Open →2025-06
36:00
Attacking Authentication in Web Applications - Jake Miller
Jake Miller
BSides SATX · 2018
TechnicalWeb AppSecRedTalk
Open →2018-07
19:44
Uncommon And Advanced Techniques For Account Takeover Attacks by Ayoub Safa
Ayoub Safa
BSides Leeds
TechnicalVulnerability ResearchWeb AppSecRedCase Studies and Incidents AnalysisTalk
Open →2023-07
40:05
Empowering Junior Testers: Strategies For Uncovering Critical Vulns In Web Applications
Tom Stacey
BSides Exeter
TechnicalWeb AppSecTalk
Open →2024-09
38:06
Como Hackear um Banco sem Sair do seu Quarto?
Arthur AiresMatheus WreckGustavo Oliveira
BSides São Paulo · 2025
TechnicalWar StoriesReverse EngineeringVulnerability ResearchWeb AppSecAdvancedRedTalk
Open →2025-06
31:29
HTTP Security Headers: A Technology History Through Scar Tissue
Benjamin Hering
BSidesSF · 2019
TechnicalWeb AppSecTalk
Open →2019-03
38:01
Entomology 101: Finding, Studying, and Exploiting Bugs
Louis Nyffenegger
BSides Canberra · 2020
TechnicalVulnerability ResearchWeb AppSecTalk
Open →2020-07
19:28
XXE for Dummies
Brian Myers
BSides PDX · 2019
TechnicalOWASPWeb AppSecIntroDemoTalk
Open →2019-11
43:47
Secure Designs, UX Dragons, Vuln Dungeons
Mike ShemaKalyani PawarJack Cable
BSidesSF · 2025
TechnicalThreat ModelingWeb AppSecPanel
Open →2025-06
41:23
THICC Clients: Reverse Engineering Your Way To Application Admin
Harry Williams
BSides London · 2025
TechnicalReverse EngineeringWeb AppSecRedTalk
Open →2026-03
29:53
Google Pay, Drug Bots, & SIM Swaps: How Old Leaks Power New Attacks
Sarit YerushalmiRon Masas
BSides London · 2025
ResearchTechnicalOSINTSocial EngineeringVulnerability ResearchWeb AppSecAdvancedCase Studies and Incidents Analysis+2
Open →2026-03
30:09
Insecurity protocols: an overview of modern authentication
Eric Chiang
BSidesSF · 2024
TechnicalCryptographyWeb AppSecTalk
Open →2024-07
24:50
Layers of Cloud: Azure and the Mishandling of Secrets
Katie Knowles
BSides Toronto · 2022
TechnicalCloud IAMWeb AppSecCase Studies and Incidents AnalysisTalk
Open →2022-10
26:10
Secure Browser and Browser Isolation 101
Evgeniy Kharam
BSides Vancouver · 2022
TechnicalNetwork SecurityWeb AppSecTalk
Open →2022-07
24:50
Robots.txt - There's gold in them thar files
BSides Peru 2015
TechnicalOSINTWeb AppSecTalk
Open →2015-06
View all 441 talks tagged Web AppSec →