Bruno Morisson @ SAPO Codebits 2009

Crash Course in Brain Surgery

Abstract:

Since Codebits is mainly a coder/developer conference, this presentation will be about developing applications securely, primarily Web applications. As we have seen this year, most "standard" flaws, such as XSS and SQL injection, are still being found and exploited in low and high profile applications (remember the Heartland Payment Systems breach, using SQL injection, where millions of CC numbers were stolen, or the BarackObama.com website?), even though these vulnerabilities have been known for almost a decade. My talk focuses on raising awareness of the need for developers to think about security and to integrate security throughout the software development lifecycle, helping developers understand the problems and how these can be avoided. In the talk I'll try to show different types of flaws (language agnostic), from technical flaws (XSS/CSRF/SQLi/etc.) to design flaws, business logic flaws, access control flaws, etc., as well as sharing real world examples and experiences from different applications which have #failed.
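As an added illustration of two of the "standard" flaws the abstract names (SQL injection and XSS), here is the vulnerable pattern beside its fix. This is example code written for this page, not material from the talk; the user table, the credentials and the attack strings are constructed for the demonstration, and the functions use only Python's standard library (sqlite3 and html).

```python
import html
import sqlite3

# Constructed sample data for the demonstration (not from the talk).
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Build an in-memory user table with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, name, password):
    """Classic SQL injection: user input is pasted into the query text.

    A quote in the input ends the string literal and the rest of the input
    becomes SQL, so `x' OR '1'='1` as the password makes the WHERE clause
    true for every row and the first user is "logged in" without a password.
    """
    query = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
             % (name, password))
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, name, password):
    """Parameterised query: the driver binds the values separately from the
    SQL text, so a quote in the input is just a character in a string and
    the query structure cannot be changed by the caller."""
    row = conn.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchone()
    return row[0] if row else None


def greet_vulnerable(name):
    """Reflected XSS: untrusted input is placed straight into HTML markup,
    so a <script> tag in the name is rendered as a script by the browser."""
    return "<p>Hello, %s</p>" % name


def greet_safe(name):
    """Escape for the HTML text context before interpolating, so the input
    is shown literally instead of being parsed as markup."""
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable login with injected password:",
          login_vulnerable(db, "alice", payload))
    print("parameterised login with the same input:",
          login_safe(db, "alice", payload))
    print(greet_vulnerable("<script>alert(1)</script>"))
    print(greet_safe("<script>alert(1)</script>"))
```

The point of the pair is that the fix is not input filtering but keeping data out of the code channel: placeholders for SQL, context-appropriate escaping for HTML. The same separation applies to every other injection class the talk lists.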

The video is already available online: codebits.eu/intra/...