Difference between revisions of "The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security"

From OWASP
Earlier revision of the abstract:

Security is harder than it looks: seemingly innocuous programming constructs can turn a cool project into a time bomb. This talk demonstrates the problem of promiscuous parameters and other security anti-patterns that arise in modern Web frameworks from ASP.NET to Spring. If you respect your users, you owe it to them to keep your code safe.
Latest revision as of 16:47, 4 November 2009

The presentation

Security is harder than it looks: seemingly innocuous programming constructs can turn a cool project into a time bomb. The prevalence of “safe” languages like Java and C#, combined with an ever-increasing number of abstraction layers, is making vulnerabilities like buffer overflow and SQL injection things of the past. But is security on the Web getting better universally? This talk takes a deep dive into modern web programming paradigms and frameworks, including ASP.NET, Spring and Struts, to demonstrate security anti-patterns that every developer on the Web needs to grok.

The speaker

Jacob West is Director of Security Research at Fortify Software, where his team is responsible for building security knowledge into Fortify's products. Jacob brings expertise in numerous programming languages, frameworks and styles together with knowledge of how real-world systems can fail. Before joining Fortify, Jacob contributed to the development of MOPS, a static analysis tool used to discover security vulnerabilities in C programs. In 2007, he co-authored a book with colleague Brian Chess titled "Secure Programming with Static Analysis". When he is away from the keyboard, Jacob spends time speaking at conferences and working with customers to advance their understanding of software security.