This year I was accepted as a speaker at Javazone here in Oslo. Markus Harboe from mnemonic and I had a presentation about the state of security in Norwegian web applications, and what developers and project managers can do about it.

The presentation
Our presentation started out by describing and exemplifying the most common mistakes web developers make when writing web applications. This was based upon the OWASP top ten. I provided some technical details about some of the problems, while Markus talked about some of the others and provided some interesting examples from what mnemonic has found while doing application security assessments of Norwegian web applications. We proceeded to talk about mitigation, and I also briefly touched upon security in Web 2.0. Markus ended our talk by talking about security as a part of the process in development projects.

The summary:
  • Validate your input
  • Escape your output
  • Use generic error pages instead of showing stacktraces and watch what files you put in production
  • Check that your authentication and authorization are actually working
  • Focus on security through the whole project, not just at the end
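As an added example (not from the talk or this post), the first two checklist items in plain Java: an allow-list check for a username field and an HTML escaping step applied at output time, with the unescaped rendering shown beside the escaped one. The field name, the allowed character set and the sample input are assumptions.

```java
import java.util.regex.Pattern;

// Added example, not code from the Javazone talk: "validate your input"
// and "escape your output" in plain Java.
public class OutputEscapingDemo {

    // Allow-list validation (assumed rule): a username may only contain
    // letters, digits, '.', '_' and '-', and must be 1 to 32 characters long.
    private static final Pattern USERNAME = Pattern.compile("^[A-Za-z0-9._-]{1,32}$");

    public static boolean isValidUsername(String s) {
        return s != null && USERNAME.matcher(s).matches();
    }

    // Escape the five characters that change meaning inside an HTML text
    // node or a quoted attribute value.
    public static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Vulnerable: the search term is written straight into the page,
    // so any markup in it becomes part of the document.
    public static String renderUnsafe(String term) {
        return "<p>Results for: " + term + "</p>";
    }

    // Hardened: the same page, with the term escaped at the point of output,
    // so the browser shows the markup as text instead of interpreting it.
    public static String renderSafe(String term) {
        return "<p>Results for: " + escapeHtml(term) + "</p>";
    }

    public static void main(String[] args) {
        String term = "<script>alert(1)</script>"; // constructed sample input
        System.out.println(renderUnsafe(term));   // tag survives as markup
        System.out.println(renderSafe(term));     // tag is rendered as text
        System.out.println(isValidUsername("bob_01"));
        System.out.println(isValidUsername("bob<img>"));
    }
}
```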

Responses
We actually got some press coverage (with pictures) in the Norwegian online newspaper digi: 316 norske nettsteder hacket siste måned (316 Norwegian websites hacked in the last month)

A big thanks to all the people that showed up, and to the Javazone crew for yet another successful conference!