The Case of Promiscuous Parameters and Other Ongoing Capers in Web Security

The presentation
Security is harder than it looks: seemingly innocuous programming constructs can turn a cool project into a time bomb. The prevalence of "safe" languages like Java and C#, combined with an ever-increasing number of abstraction layers, is making vulnerabilities like buffer overflow and SQL injection things of the past. But is security on the Web getting better universally? This talk takes a deep dive into modern web programming paradigms and frameworks, including ASP.NET, Spring and Struts, to demonstrate security anti-patterns that every developer on the Web needs to grok.

The speaker
Jacob West is Director of Security Research at Fortify Software where his team is responsible for building security knowledge into Fortify's products. Jacob brings expertise in numerous programming languages, frameworks and styles together with knowledge about how real-world systems can fail. Before joining Fortify, Jacob contributed to the development of MOPS, a static analysis tool used to discover security vulnerabilities in C programs. In 2007, he co-authored a book with colleague Brian Chess titled "Secure Programming with Static Analysis". When he is away from the keyboard, Jacob spends time speaking at conferences and working with customers to advance their understanding of software security.