This talk is about reviewing the vulnerabilities discovered for Java Web Application Frameworks, the impact they present, and why stack traces should never be considered a low risk. The talk will dive into common insecurities around web application frameworks in Java such as Struts. It will serve as an introduction to the vulnerability classes, how to identify and test for them manually in web application security assessments and penetration tests.
Benjamin Watson is the Managing Consultant for VerSprite's Application Security practice. His primary focus is on web application security, penetration testing, and application security architecture.