Presentation: "Common Security Weaknesses in Java Web Apps and How to Avoid them"

Time: Monday 10:50 - 11:50

Location: Robinson/Whitman

Abstract:
Implementing secure Web Applications requires an understanding of a broad range of vulnerabilities and how to avoid them.
Secure application development is the product of a security focus that spans the entire SDLC, and that requires insight into
how applications are attacked and compromised.
 
In this talk we will examine common weaknesses found in Java Web Apps, and provide specific guidelines on how to avoid them,
including:
  • Authentication
  • Access Control
  • Session Hijacking
  • Cross-site Scripting
  • Command Injection
  • SQL Injection
  • Path Traversal
  • Format Strings
  • Error Handling
  • Application Logic
  • Multi-Tier Architectures
 
Each vulnerability will be summarized and presented as a real-life J2EE scenario, followed by a description of the proper mitigation strategy.

Joe Fisher, President, Affinity IT Security Service

Mr. Fisher has been providing technical consulting and training since 1993, and has literally trained thousands of students around the world in a wide variety of IT topics in Cybersecurity, Software Development, and Project Management.   

A dynamic and engaging speaker, in addition to his role as an instructor, Joe has spoken on IT Security topics at OWASP NYC, JavaSIG NYC, NJMMA, Morris County Chamber of Commerce, and Regional IIB meetings.

Mr. Fisher holds an undergraduate degree in Computer Science from Merrimack College, a graduate degree in Computer Science from Rensselaer Polytechnic Institute, and an MBA from Fairleigh Dickinson University. He is a former Member of the Technical Staff at AT&T Bell Laboratories.

He is an active member in the New Jersey Chapter of the Society for Information Management (SIM) and serves on its Executive Council. He also serves on the Board of the Sturge-Weber Foundation.