Unsafe Code Lab: How Modern Web Frameworks Fail (and How to Fix Them)
- Length: 20 minutes
Unsafe Code Lab is an open-source collection of vulnerable backend applications built with modern web frameworks: Next.js, Koa, Django REST Framework, FastAPI and others. It’s a streamlined way to learn how modern web frameworks work, what makes them tick, how they break and how to fix them. Built for security engineers and researchers.
Use it to get up to speed quickly on unfamiliar frameworks, run targeted secure code reviews and see how framework API design can either create security traps or completely prevent mistakes that are common elsewhere. The runnable, annotated scenarios also work as a research harness for vulnerability research and exploit development.
At BSides Oslo we’ll demo our first public release: ten modern frameworks across Python and JavaScript. We’ll share what we learned, show fresh vulnerabilities we uncovered and outline our roadmap for expanding into more languages.
Irina Iarlykanova

Irina Iarlykanova is a co-founder of the first ACM Student Chapter at Maastricht University, where she studies Computer Science.
She is also an active CTF player, specializing in web application security. Irina has professional experience as a software engineer at a security consulting firm, and she is currently writing her thesis on web framework security.