Security Solutions for Web Applications

Chris Palmer (iSEC Partners)
Location: 2005

Experience shows that a wide range of application security problems are still vexing developers, businesses, and users. In this workshop I demonstrate techniques and provide freely-usable code for solving many of these problems.

As an engineering consultant, I see many developers struggle with security, reliability, and correctness problems that are hard to solve without the right framework. But with the right approach, you can put these problems to bed! Problems include:

  • Cross-site scripting and JavaScript injection
  • JavaScript hijacking
  • Cross-site request forgery
  • SQL injection
  • Sending sensitive data to the client unsafely (e.g. putting the session state in the user’s cookie, and then trusting that data later)
  • Account takeovers

These vulnerabilities are the root cause of many web 2.0 hacks, privacy breaches, business logic mishaps, avoidable tech support events, outages, and flames from users. Thankfully, we can solve these problems with the right approach. I will show methods and code to:

  • Ensure that all input from the internet meets a standard of correctness or is rejected
  • Keep user data private
  • Keep site performance high (or even improve it)
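Two of the items above are concrete enough to show in code: the cookie problem (session state sent to the client and trusted again later) and the "meets a standard of correctness or is rejected" rule for input. The following is an added example written for this page; it is not the workshop's code, not iSEC Partners' code, and not from the speaker. Every name in it (sign_state, verify_state, validate_username, validate_quantity, the placeholder key) is this example's own.

```python
"""Added example (not from the workshop or iSEC Partners).

1. Session state kept in the user's cookie is only safe to trust later if
   the server can verify it was not modified: sign it with an HMAC and
   compare the tag in constant time.
2. Input from the internet is accepted only if it matches an explicit,
   positive standard of correctness; everything else is rejected rather
   than "cleaned up".
"""
import base64
import hashlib
import hmac
import json
import re

# Constructed for the example; a real application loads this from a secret store.
SERVER_KEY = b"example-only-secret-key-not-for-production"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_state(state: dict, key: bytes = SERVER_KEY) -> str:
    """Serialize session state and append an HMAC-SHA256 tag.

    Cookie value is '<base64 payload>.<base64 tag>'. The payload stays
    readable by the client (this is integrity, not secrecy), but any
    change to it invalidates the tag.
    """
    payload = json.dumps(state, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(tag)}"


def verify_state(cookie: str, key: bytes = SERVER_KEY):
    """Return the state dict if the tag verifies, otherwise None.

    hmac.compare_digest avoids leaking how many leading tag bytes matched.
    Malformed cookies (no dot, bad base64) are treated as unauthenticated.
    """
    try:
        payload_b64, tag_b64 = cookie.split(".", 1)
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(payload)


def trusting_unsigned_cookie(cookie_payload: str) -> dict:
    """The unsafe pattern from the abstract: decode the cookie and believe it."""
    return json.loads(_unb64(cookie_payload))


# Positive validation: define what a correct value looks like and reject the
# rest. A denylist of "dangerous characters" is the wrong direction.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")
QUANTITY_RE = re.compile(r"[1-9][0-9]{0,2}")  # decimal integer 1..999, no signs/whitespace


def validate_username(value) -> str:
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValueError("username does not meet the standard of correctness")
    return value


def validate_quantity(value) -> int:
    if not isinstance(value, str) or not QUANTITY_RE.fullmatch(value):
        raise ValueError("quantity must be an integer in 1..999")
    return int(value)


def accepts(validator, value) -> bool:
    """True if the validator accepts the value, False if it rejects it."""
    try:
        validator(value)
        return True
    except ValueError:
        return False


def demo() -> bool:
    cookie = sign_state({"user_id": 42, "role": "user"})
    assert verify_state(cookie) == {"user_id": 42, "role": "user"}
    # Attacker rewrites the payload half of the cookie to claim role=admin.
    forged_payload = _b64(b'{"role":"admin","user_id":42}')
    forged_cookie = forged_payload + "." + cookie.split(".", 1)[1]
    assert verify_state(forged_cookie) is None          # signed path rejects it
    assert trusting_unsigned_cookie(forged_payload)["role"] == "admin"  # unsafe path believes it
    assert accepts(validate_username, "alice_01") and not accepts(validate_username, "alice; DROP")
    assert accepts(validate_quantity, "250") and not accepts(validate_quantity, "-1")
    return True


if __name__ == "__main__":
    demo()
    print("ok")
```

The signed cookie does not make the state secret; a client can still read it. If the state must also be hidden from the user, encrypt it as well, and in either case keep anything that must not be forgeable (roles, prices, account identifiers) under the tag.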

Chris Palmer

iSEC Partners

Chris Palmer is a principal security consultant with iSEC Partners, a strategic digital security company. Prior to iSEC, Chris worked for the Electronic Frontier Foundation where he provided technical management and analysis of several key EFF projects and provided technical advice to EFF (and other) lawyers. Prior to the EFF, Chris built web applications.
