Main Nav

Oct 28th, 2008
8:30 AM - 12:00 PM
Room W331
Mountain Time
Easily accessible, simple instructions on how to attack a website are freely available to teenagers or professional hackers in the black market of personal data. Attacks such as URL rewriting, cross-site scripting, and SQL injection permit the most deadly form of application hacking, allowing intruders to access your data. Although a firewall is good protection, it is the beginning of a security strategy and does not protect a web application from these kinds of exploits. This session will demonstrate and explain common application hacks, defense techniques, and countermeasures. We will share various open source and vendor scanning tools that can be used to detect application security vulnerabilities and review OWASP's WebGoat as a security learning tool. You will also learn emerging practices on how to incorporate quality and security assurance into your software development life cycle or software acquisition. Sample checklists will be provided that can be used as part of a security review process.