We can all agree effective product teams work to deliver valuable features to their businesses and their users. Just as every product has target users, it also attracts unintended users: attackers. Like regular users, attackers hope the application will behave a certain way, but when those hopes are met, it can be disastrous for the business.
We want to show agile teams an easy, familiar way to take on the responsibility of securing their application and, through that, protect their business.
In this talk, we’ll walk through the agile process of preventing an attack that would expose a user’s PII. We’ll start by defining an attacker persona and writing a user story from the attacker’s perspective. We’ll then use Spring Security’s test support to check whether this attack is possible, and finally we’ll secure the application using Spring Security.