Speakers
- Venkat Subramaniam
- Matt Stine
- Brian Sletten
- Ken Sipe
- Nathaniel Schutta
- Mark Richards
- Pratik Patel
- Matthew McCullough
- Neal Ford
- Tim Berglund
- Peter Bell
- Craig Walls
- Hans Dockter
- Jeff Brown
- Oleg Zhurakousky
- Billy Williams
- Johnny Wey
- Chris Wensel
- Jim Webber
- James Ward
- Vaughn Vernon
- John Steven
- Bruce Snyder
- John Smart
- Stuart Sierra
- Roshan Sequeira
- Brian Sam-Bodden
- Terry Ryan
- Johanna Rothman
- Ian Robinson
- Paul Rayner
- Nilanjan Raychaudhuri
- Matt Raible
- Eric Pugh
- Peter Niederwieser
- Andrew Lombardi
- Howard Lewis Ship
- Tiffany Lentz
- Scott Leberknight
- Kenneth Kousen
- Kirk Knoernschild
- Dave Klein
- Paul King
- Frank Kim
- Heath Kesler
- Christopher Judd
- Jez Humble
- Daniel Hinojosa
- Erik Hatcher
- James Harmon
- Arun Gupta
- Jerry Gulla
- Jeff Genender
- Raju Gandhi
- Szczepan Faber
- Ben Ellingson
- Todd Ellermann
- Johan Edstrom
- Hamlet D'Arcy
- Esther Derby
- Jeremy Deane
- Luke Daley
- Adrian Cole
- Cliff Click
- Charles Bradley
- David Bock
- Ola Bini
- Scott Bain
- Alex Antonov
- Andres Almiray
- Dan Allen
Frank Kim
Author of Secure Coding in Java/JEE
Frank Kim is the founder and principal consultant with ThinkSec as well as the curriculum lead for application security at the SANS Institute. Frank has over 14 years' experience in software development, information technology, and security. He has designed and developed applications for large health care, technology, insurance, and consulting companies. Frank currently focuses on security strategy and application security program development, with a special interest in integrating security into the software development life cycle. Frank is the author of the SANS Institute's Secure Coding in Java/JEE course and has given security talks at JavaOne, Devoxx, and Jazoon. Recently, Frank was named a JavaOne Rock Star for his talk "Java EE Web Security By Example".
Presentations
Tricks of the Trade - What Every Developer Should Know About Application Security
Learn how the security vulnerabilities commonly found in the arsenal of malicious attackers are exploited. We won't simply talk about issues like Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), but will show how hackers abuse these potentially devastating defects by finding and exploiting vulnerabilities in real-world open source web applications built in Java. We will then walk through the source code and actually fix these issues using secure coding techniques. We will also discuss best practices that can be used to build security into your SDLC.
Java developers and architects will learn how to find and fix security issues in their applications before hackers do.
This session covers
- Exploiting vulnerabilities in a running web application
- Finding security issues in the source code of a real open source application
- Fixing the vulnerabilities using secure coding techniques
How to Use Secure HTTP Headers
Learn how to use the latest HTTP headers to prevent attacks like Clickjacking, Cross-Site Scripting (XSS), and Session Hijacking. To address security defects, developers typically resort to fixing architectural issues and security bugs directly in the code. A few use security-related HTTP headers to mitigate the risks posed by malicious attackers. Some developers might even pray that security issues will be fixed automagically by the browser.
Come learn how a combination of these techniques can help you develop more secure Java web applications.
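As an added illustration of the header-based mitigations this session refers to (example code written for this page, not material from the talk or from ThinkSec), the servlet filter below sets a baseline of defensive response headers on every response. It assumes the Servlet 3.0 API (`javax.servlet`); the class name `SecurityHeadersFilter` and the URL pattern are the example's own choices.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;

/**
 * Adds defensive HTTP response headers to every response.
 * Example code for illustration; not from the talk. The headers must be
 * set before the response is committed, so they are added before
 * passing control down the filter chain.
 */
@WebFilter("/*") // assumed mapping: apply to the whole application
public class SecurityHeadersFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) {
        // No configuration needed for this example.
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            HttpServletResponse resp = (HttpServletResponse) response;

            // Clickjacking: refuse to be rendered inside a frame on another site.
            // X-Frame-Options is the older header; frame-ancestors in CSP supersedes it.
            resp.setHeader("X-Frame-Options", "DENY");

            // XSS impact reduction: a restrictive starting policy. 'self' blocks inline
            // scripts, so pages relying on inline JavaScript must be adjusted or the
            // policy relaxed deliberately rather than silently.
            resp.setHeader("Content-Security-Policy",
                    "default-src 'self'; frame-ancestors 'none'");

            // Session hijacking over the network: instruct browsers to use HTTPS only
            // for one year. Send this only from a site that is fully HTTPS-capable.
            resp.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");

            // Prevent MIME sniffing from turning user-supplied content into script.
            resp.setHeader("X-Content-Type-Options", "nosniff");
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}
```

The filter complements, rather than replaces, fixes in the application code: the session cookie itself still needs the `HttpOnly` and `Secure` flags (in Servlet 3.0 these are set through the `<cookie-config>` element of `<session-config>` in web.xml), and output encoding remains the primary defence against XSS.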
Security Inception
Learn how your organization can fall prey to malicious attackers. Using real-world case studies you'll see exactly how hackers exploited and embarrassed several well-known companies. Analyzing these events provides enormous insight into what works and what doesn't when building, maintaining, and defending your app.
Hearing these stories will plant a security seed in your mind that may change everything.