See the hacker's toolbox in action as various web applications are ripped open by exploiting simple software bugs. Common problems such as Cross-Site Scripting (XSS) and SQL Injection will be demonstrated and explained, along with more subtle vulnerabilities including privilege escalation, data tampering, and Cross-Site Request Forgery.

Even if you've seen XSS and SQL Injection before, advanced techniques will be presented that can slip through many protections. As a finale, the holy grail of web security will be broken with a Man-In-The-Middle attack on SSL. Although countermeasures are briefly covered, this is first and foremost a shock and awe presentation that will motivate you to secure your applications. Attendees will receive a CD with all the Hacme applications used during the presentation so you can practice your new 'skillz.'

This session provides a gentle introduction to cryptography then covers the many subtle mistakes that even experienced developers make when writing cryptographic code.

Attendees will learn about proper implementation of the Java Cryptography Extension, Java Secure Sockets Extension, and jarsigner. Special attention is given to the challenges of key management and Public Key Infrastructure. No prior knowledge of cryptography is necessary.

This session examines the code that developers must write in order to enable the detection of malicious activity and preservation of evidence after a security breach.

There are only two kinds of software applications: those that have been hacked, and those that will be hacked. Since it is only a matter of time before an incident occurs, take action now to make sure you find out before the Wall Street Journal does. Key components of your strategy should include tamper-proof audit trails, appropriate log events (some might surprise you!), and regular monitoring. Because hackers know they need to cover their tracks, specific attacks against logging mechanisms are also covered.