Gatsby

🚀 Welcome GatsbyConf 2022 Visitors!

This demo web application has been created by @mlgualtieri and @rmatambo8 for the GatsbyConf 2022 workshop: Building a Secure Gatsby Website. The demo is a small application designed to securely share documents. There may be some (purposeful) vulnerabilities in it though!

The workshop will cover the following topics:

  • Securely architecting a Gatsby web application
  • IAM basics
  • JWT authentication
  • Environment variables
  • Data caching and security
  • Securely logging out
  • CSRF and XSS
  • Can you hack Static? Using CSP and SRI
  • Common web application vulnerability: Broken authentication
  • Common web application vulnerability: IDOR
  • Common web application vulnerability: Injection

To try out the application, run:

cd gatsbyconf22-security-workshop/
npm install
gatsby develop

Note: For the application to be fully functional it requires an AWS RDS MySQL server and an AWS S3 bucket, accessible via an IAM user.