Friday, August 10, 2007

Writing Secure Applications

This presentation was originally given at the St. Louis Java user Group.

Security topics in the internet age remain esoteric and the domain of experts. Firewalls and Intrusion Prevention Systems are only parts of the complete security picture. Application security is an essential piece of the security puzzle, and without it, the sensitive application is still in jeopardy, even with the strongest network and OS security. Yet many developers lack the knowledge needed to protect their sensitive data using secure application development techniques.

The presentation focuses on tools and techniques that developers can use write a secure application from scratch, or test an already-installed application. Attacks will be discussed such as SQL injection, cross-site scripting, dictionary attacks. These attacks can be foiled using testing tools, Java Cryptography (JCE), and secure design techniques. Tools and code samples will demonstrate these techniques so that you may apply them to your applications. We'll also look at Risk Assessment, impact analysis and the bigger picture of security or SOx audits, in case your system is audited.

Download the presentation here.

-Jay Meyer

No comments: