Tricks of the Trade - What Every Developer Should Know About Application Security

Learn how to exploit security vulnerabilities that are commonly found in the arsenal of malicious attackers. We won't simply talk about issues like Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF), but will show how hackers abuse these potentially devastating defects by finding and exploiting vulnerabilities in real world open source web applications built in Java. We will proceed to walk through the source code and actually fix these issues using secure coding techniques. We will also discuss best practices that can be used to build security into your SDLC.

Java developers and architects will learn how to find and fix security issues in their applications before hackers do.

This session covers

• Exploiting vulnerabilities in a running web application
  
• Finding security issues in the source code of a real open source application
  
• Fixing the vulnerabilities using secure coding techniques
  

About Frank Kim

Frank Kim is a security leader with over 17 years of experience in information security, risk management, and enterprise IT. He has a passion for developing security strategies and building teams focused on practical solutions to business risks. He currently serves as the curriculum lead for application security at the SANS Institute and is the author and an instructor for the Secure Coding in Java course. Frank is a popular public speaker and has presented at security, software development, and leadership events around the world and was twice named a JavaOne Rock Star.

More About Frank »