Applied Application Security at CodeMash

In January 2014, at CodeMash, I'll be presenting my new 4-hour Applied Application Security seminar as a precompiler. It takes place Tuesday afternoon, on the first day of the conference. A Tuesday precompiler ticket is required for attendance, but there is no additional charge.

We will cover both testing for the vulnerabilities that I feel developers most need to know about and defensive methods that work in today's market. It is a language-neutral class: samples will be in Java, C#, PHP, Ruby and occasionally Perl. The topic breakdown is:

  • Information disclosure (spilling to Google, exception management, server ops)
  • Injection (SQL, OS, Browser, LDAP, AD)
  • Authentication and session management
  • Data protection

This is a participatory session. To be prepared, please have a virtual machine manager loaded with Samurai WTF. This is a Linux training VM that has both the training sites and the testing tools preinstalled.
 
If you are planning on attending and have any questions, please don't hesitate to email me at bill@pointweb.net or call me at 614-402-7207. I'll be glad to fill you in.
 
Hope to see you there.

Comments (1) -

Bill Campbell
12/13/2013 12:18:08 PM #

Hi Bill,
Is it possible to run this on a Windows 8 machine? Are there install instructions anywhere? I'd love to attend your session at CodeMash.
regards!


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.
