Difference between revisions of "Solving Real World Problems with ESAPI"

From OWASP

Latest revision as of 00:03, 21 September 2010


Registration (https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=d52c6f5f-d568-4e16-b8e0-b5e2bf87ab3a) | Hotel (https://resweb.passkey.com/Resweb.do?mode=welcome_gi_new&groupID=2766908) | Walter E. Washington Convention Center (http://www.dcconvention.com/)

The presentation

A great deal of work has gone into aggregating statistics and information about security vulnerabilities in enterprise applications on the internet. A lot of work has also been done on creating software libraries and secure coding guidelines to mitigate those vulnerabilities. OWASP has created ESAPI (the Enterprise Security API), which is meant to act as a security service provider to enterprise applications. There is plenty of documentation on what ESAPI is, but not much on how to actually use ESAPI to mitigate a specific set of vulnerabilities in an application. This presentation aims to show how to use ESAPI to solve real-world security problems in a clear and interactive way.

Using ESAPI for Java, I will demonstrate examples of vulnerabilities in simple web applications, describe each problem and its solution, then fix the vulnerabilities. I will also discuss the importance of adapting ESAPI to fit the business needs of the application.

The presentation will use OWASP ESAPI configured with the reference implementations for Encoding/Decoding, Encryption, Logging, WAF, and Validation. For Authentication and Access Control a custom implementation will be used to show how easily business-specific implementations can be plugged into the ESAPI framework.
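As an added illustration of the pattern the talk describes (not code from the presentation itself), the hypothetical report page below is shown once as a vulnerable handler and once routed through the ESAPI providers selected in ESAPI.properties; it assumes the ESAPI 2.x Java API and a hypothetical business access-controller class name.

```java
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Logger;
import org.owasp.esapi.errors.AccessControlException;
import org.owasp.esapi.errors.ValidationException;

/**
 * Hypothetical report page. Both methods take a raw request parameter and
 * return the HTML fragment that would be written to the response.
 */
public class ReportPage {

    private static final Logger log = ESAPI.getLogger("ReportPage");

    // BEFORE: no authorization check, no input validation, and the raw value
    // is echoed into markup, so a name containing a script tag is reflected.
    public static String renderVulnerable(String reportName) {
        return "<h1>Report: " + reportName + "</h1>";
    }

    // AFTER: the same page, delegating to whatever providers ESAPI.properties
    // names (ESAPI.AccessControl, ESAPI.Validator, ESAPI.Encoder). Swapping in
    // a business-specific controller is a one-line configuration change, e.g.
    //   ESAPI.AccessControl=com.example.BusinessAccessController   (hypothetical)
    public static String renderWithEsapi(String reportName) {
        try {
            // Access control: the configured AccessController decides whether
            // the current user may invoke this function.
            ESAPI.accessController().assertAuthorizedForFunction("viewReport");

            // Validation: "SafeString" refers to the Validator.SafeString regex
            // in ESAPI.properties; 64-character cap, null not allowed.
            String safeName = ESAPI.validator().getValidInput(
                    "reportName", reportName, "SafeString", 64, false);

            // Output encoding for the HTML body context.
            return "<h1>Report: " + ESAPI.encoder().encodeForHTML(safeName) + "</h1>";
        } catch (AccessControlException e) {
            log.warning(Logger.SECURITY_FAILURE, "viewReport denied", e);
            return "<p>Not authorized.</p>";
        } catch (ValidationException e) {
            // Failed validation is also reported to the intrusion detector;
            // the context string keeps the log entry traceable to the field.
            log.warning(Logger.SECURITY_FAILURE, "invalid reportName", e);
            return "<p>Invalid report name.</p>";
        }
    }
}
```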

The speaker

Speaker bio will be posted shortly.