Southern Ohio Software Symposium
August 26 - 28, 2005 - Cincinnati, OH
Web Application Security Vulnerabilities
This session highlights common mistakes made by web programmers, stating the problems and avoidance techniques.
Building secure web applications is difficult. Common trivial mistakes in other programming environments break web applications. This session highlights common mistakes made by web programmers, stating the problems and avoidance techniques. The material in this session is derived from the Open Web Application Security Project (OWASP) and other sources. It covers the OWASP top 10 list of vulnerabilities (including examples). It also demonstrates some (legal!) hacker tools that malicious developers use against you. This session includes case studies showing complete attacks, from vulnerability acquisition to compromise. It also covers open-source tools (such as Stinger) that automate some of the security jobs for developers. This session is designed to scare you – but in a good way!
Key Session Points:
* OWASP List of Vulnerabilities
- Insecure configuration management
- Denial of service
- Insecure storage
- Improper error handling
- Injection flaws
- Buffer overflows
- Cross site scripting flaws
- Broken authentication and session management
- Broken access control
- Security Tools and frameworks
- Case Study: Hacking Oracle through a browser
- Case Study: Cross-site scripting
- Case Study: SQL Injection
About Neal Ford
Neal is Director, Software Architect, and Meme Wrangler at ThoughtWorks, a global IT consultancy with an exclusive focus on end-to-end software development and delivery.
Before joining ThoughtWorks, Neal was the Chief Technology Officer at The DSW Group, Ltd., a nationally recognized training and development firm. Neal has a degree in Computer Science from Georgia State University specializing in languages and compilers and a minor in mathematics specializing in statistical analysis.
He is also the designer and developer of applications, instructional materials, magazine articles, video presentations, and author of 6 books, including the most recent The Productive Programmer. His language proficiencies include Java, C#/.NET, Ruby, Groovy, functional languages, Scheme, Object Pascal, C++, and C. His primary consulting focus is the design and construction of large-scale enterprise applications. Neal has taught on-site classes nationally and internationally to all phases of the military and to many Fortune 500 companies. He is also an internationally acclaimed speaker, having spoken at over 100 developer conferences worldwide, delivering more than 600 talks. If you have an insatiable curiosity about Neal, visit his web site at http://www.nealford.com. He welcomes feedback and can be reached at firstname.lastname@example.org.More About Neal »