Frank Kim
Author of Secure Coding in Java/JEE
Frank Kim is a security leader with over 17 years of experience in information security, risk management, and enterprise IT. He has a passion for developing security strategies and building teams focused on practical solutions to business risks. He currently serves as the curriculum lead for application security at the SANS Institute and is the author and an instructor for the Secure Coding in Java course. Frank is a popular public speaker and has presented at security, software development, and leadership events around the world and was twice named a JavaOne Rock Star.
Presentations
Learn how to use the latest HTTP headers to prevent attacks like Clickjacking, Cross-Site Scripting (XSS), and Session Hijacking. To address security defects developers typically resort to fixing architectural issues and security bugs directly in the code. A few use security related HTTP headers to mitigate the risks posed by malicious attackers. Some developers might even pray that security issues will be fixed automagically by the browser.
Come learn how a combination of these techniques can help you develop more secure Java web applications.
Do you use REST from your mobile and HTML5 apps to communicate with backend services? Are you doing so securely?
Find out how to use simple authentication, access control, and encryption techniques to
protect your RESTful services. You will also learn how vulnerabilities like Cross-Site Request Forgery (CSRF) can be used by attackers to hack your services.
Using live demos, developers and architects will learn how to secure critical REST services and proactively prevent attacks from occurring to stop hackers from exploiting their applications.
Learn how your organization can fall prey to malicious attackers. Using real-world case studies you'll see exactly how hackers exploited and embarrassed several well-known companies. Analyzing these events
provides enormous insight into what works and what doesn't when building, maintaining, and defending your app.
Hearing these stories will plant a security seed in your mind that may change everything.
Learn how to exploit security vulnerabilities that are commonly found in the arsenal of malicious attackers. We won't simply talk about issues like Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF), but will show how hackers abuse these potentially devastating defects by finding and exploiting vulnerabilities in real world open source web applications built in Java. We will proceed to walk through the source code and actually fix these issues using secure coding techniques. We will also discuss best practices that can be used to build security into your SDLC.
Java developers and architects will learn how to find and fix security issues in their applications before hackers do.
This session covers
- Exploiting vulnerabilities in a running web application
- Finding security issues in the source code of a real open source application
- Fixing the vulnerabilities using secure coding techniques
Learn how to exploit security vulnerabilities that are commonly found in the arsenal of malicious attackers. We won't simply talk about issues like XSS, CSRF and SQL Injection, but will have live demos showing how hackers exploit these potentially devastating defects using freely available tools. You'll see how to hack a real world open source application and explore bugs in commonly used open source frameworks. We also look at the source code and see how to fix these issues using secure coding principles. We will also discuss best practices that can be used to build security into your SDLC.
Java developers and architects will learn how to find and fix security issues in their applications before hackers do.