How Not To Get Hacked

How Not To Get Hacked
with Aaron Cure, Senior Security Consultant, Cypress Data Defense, LLC
The application layer is increasingly targeted as a vector for penetrating corporate and government infrastructures. Developers, under continuous pressure to develop applications with more functionality in shortening development cycles, have frequently had few opportunities to consider the security implications of the code they are developing. When security assessments are conducted, vulnerabilities are frequently identified but little is done to demonstrate remediation steps to close the vulnerabilities.
Come and participate as Aaron covers a few of the most common security vulnerabilities found in web applications. These vulnerabilities will be explained, live code will be run to demonstrate exploitation of the vulnerabilities, and most importantly, remediation code will be implemented and demonstrated to show that the code is no longer exploitable.
Vulnerabilities to be addressed include:
SQL Injection
Cross-site scripting (XSS)
Header injection (and free tool in .NET to automatically set a suite of security related headers)
Cross Site Request Forgery (CSRF, majority of web applications are vulnerable and most developers are not aware of it)