Intro
Speaker's Qualifications
Top 5 Vulnerabilities for 2006*
Overall Presentation Goal
Security Sins
Un-validated Input - 1
Un-validated Input - 2
Un-validated Input - SQL Injection - 1
Un-validated Input - SQL Injection - 2
Un-validated Input - SQL Injection - 3
Un-validated Input - SQL Injection attack tools
Un-validated Input - LDAP Injection
Un-validated Input - XPath Injection
Un-validated Input - Solution - 1
Un-validated Input - Solution - 2
Un-validated Input - Solution - 3
Cross Site Scripting (XSS) - 1
Cross Site Scripting (XSS) - 2
Cross Site Scripting (XSS) - 3
Cross Site Scripting: Persistent - 1
Cross Site Scripting: Persistent - 2
Cross Site Scripting - Solution
Un-authenticated Transactions - 1
Un-authenticated Transactions - 2
Un-authenticated Transactions - 3
Un-authenticated Transactions - Solution
Misplaced Trust - 1
Misplaced Trust - 2
Misplaced Trust - Solution
Towards a Secure SDLC - 1
Towards a Secure SDLC - 2
What's the problem?
Real cost of Security
Security integrated into the SDLC
Security Requirements
What are Abuse Cases?
Dr. Evil
Abuse Cases
Risk Analysis
Basic Risk Analysis methodology
Code Review
Security code review tools for Java
Security Tests
Penetration Tests
Summary - 1
Summary - 2
Security is not a product...
Resources
The talk covers the most insidious security vulnerabilities in Java Web and EE applications through practical demonstration of how to exploit these vulnerabilities and recommendations on how to prevent them. The threat posed by each vulnerability is explained and strategies for mitigating the flaw are introduced. The talk concludes with a discussion about integrating security at every step of the development life cycle.
Stephen de Vries is a Principal Consultant in Corsaire's Security Assessment team. He has worked in IT Security since 1998, and has been programming since 1997. He has spent the last four years focused on Ethical Hacking, Security Assessment and Audit at Corsaire, KPMG and Internet Security Systems. He was a contributing author and trainer on the ISS Ethical Hacking course and Technical Leader for the Automated Perimeter Scanning project, coordinating a team of six developers in three countries. Stephen's past roles have included that of a Security Consultant at a leading City of London financial institution and Security Engineer at SMC Electronic Commerce. In both positions he was involved in corporate security at many levels and was responsible for consulting on written security policies and procedures, conducting vulnerability assessments, and designing, deploying and managing the security infrastructure of the organisation.