Session: Java Web Security By Example
Wednesday 13.00 - 13.50
Room: Honey Badger
Learn how to exploit security vulnerabilities that are commonly found in the arsenal of malicious attackers. We won't simply talk about issues like XSS, CSRF and SQL Injection, but will have live demos showing how hackers exploit these potentially devastating defects using freely available tools. You'll see how to hack a real world open source application and explore bugs in commonly used open source frameworks. We also look at the source code and see how to fix these issues using secure coding principles. We will also discuss best practices that can be used to build security into your SDLC. Java developers and architects will learn how to find and fix security issues in their applications before hackers do.
Frank Kim is the founder and principal consultant with ThinkSec as well as the curriculum lead for application security at the SANS Institute. Frank focuses on security strategy and application security program development with a special interest in integrating security into the SDLC. Frank is the author of the SANS Institute's Secure Coding in Java course. He has spoken internationally at events like JavaOne, Devoxx, Jazoon, and UberConf and was recently named a JavaOne Rock Star.