The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security

The presentation
Security is harder than it looks: seemingly innocuous programming constructs can turn a cool project into a time bomb. This talk demonstrates the problem of promiscuous parameters and other security anti-patterns that arise in modern Web frameworks from ASP.NET to Spring. If you respect your users, you owe it to them to keep your code safe.

The speaker
Jacob West is Director of Security Research at Fortify Software where his team is responsible for building security knowledge into Fortify's products. Jacob brings expertise in numerous programming languages, frameworks and styles together with knowledge about how real-world systems can fail. Before joining Fortify, Jacob contributed to the development of MOPS, a static analysis tool used to discover security vulnerabilities in C programs. In 2007, he co-authored a book with colleague Brian Chess titled "Secure Programming with Static Analysis". When he is away from the keyboard, Jacob spends time speaking at conferences and working with customers to advance their understanding of software security.