Talks from Software Architect 2013: Attacking Web Applications and First Steps in iOS Development

Thursday, October 10, 2013

I'm starting my way back from Software Architect 2013, and already miss the conference's great vibe and attentive delegates. It's been a pleasure meeting and interacting with all of you, and I look forward to returning for next year's conference! On a more practical note, I've promised to share with you the presentations from the event. I had two this year -- Attacking Web Applications and First Steps in iOS Development. In the first talk, I tried to cover the most typical attacks used against web applications today, including CSRF, XSS, improper session management with cookies, SQL and OS command...

Attacking Web Applications

Monday, May 6, 2013

My first breakout session at the SELA Developer Practice covered the most common attacks against web applications and how to defend against these attacks. When planning this talk, I knew 60 minutes were hardly enough to cover all common vulnerabilities -- especially if I wanted to show any demos -- so I decided to focus on the three most prevalent vulnerability types, according to the OWASP Top 10:

- Injection (command injection and SQL injection)
- Broken authentication or session management
- Cross-site scripting (and CSRF as a bonus)

I've demonstrated these common vulnerabilities in a series of demos using...