In January 2014, at CodeMash, I'll be presenting my new 4-hour Applied Application Security seminar as a precompiler. It is on Tuesday afternoon, the first day of the conference. A Tuesday precompiler ticket is required for attendance, but there is no additional charge.
We will be covering both testing for the vulnerabilities that I feel developers need to know the most about, and defensive methods that work in today's market. It is a language-neutral class: samples will be in Java, C#, PHP, Ruby and occasionally Perl. The topic breakdown is:
- Information disclosure (spilling to Google, exception management, server ops)
- Injection (SQL, OS, Browser, LDAP, AD)
- Authentication and session management
- Data protection
This is a participatory session. To be prepared for this session, please have a virtual machine manager loaded with Samurai WTF. This is a training VM in Linux that has both the training sites and the tools for testing preinstalled.
If you are planning on attending and have any questions, please don't hesitate to email me at bill@pointweb.net or call me at 614-402-7207. I'll be glad to fill you in.
Hope to see you there.