Although Java offers some great security 'features', this talk will address the lack of 'built-in' security when you develop your web applications. Security is not an on/off button or a parameter you activate for your deployment! Some real-world hacks will be demonstrated to show how easy it is to break the confidentiality or integrity of your data and how easy it is to break your web application! To finish on a positive note: it IS possible to do it the right way.

Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. OWASP tools and methodologies such as OWASP Java security, source code security review and enterprise security give developers a massive advantage over organizations that are trying to deal with security using existing ad hoc secure coding techniques.
Sebastien started the successful Belgian OWASP Chapter and has given several public presentations on web application and web services security. Sebastien specialises in (web) application security, combining his software development and information security experience. He is currently an OWASP Foundation board member and is responsible for the Telindus application security offering.