Silicon Valley Code Camp : October 11th and 12th 2014
Sam Bowne
City College San Francisco
About Sam
Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks at CodeCamp, DEFCON, BayThreat, LayerOne, and Toorcon, and taught classes and seminars at many other schools and teaching conferences.
He has a Ph.D. and a CISSP and a lot of other certifications, and a lot of computer and cables and firewalls and stuff.
Web applications are very often wide-open doors for hackers to exploit, stealing data, defacing Websites, and often traversing through a network owning server after server.
The Code Camp website demonstrates several poor security practices, which I will demonstrate.
I will also demonstrate several common vulnerabilities, showing how to exploit them, and how to patch the vulnerable code, including:
SQL Injection
Cross-Site Request Forgery
Cross-Site Scripting
Local File Inclusion
I will provide live demonstration apps and code on my Website for everyone to use freely.
Nothing here is new, and the most important information is more than ten years old. However, this information is missing from many programming classes and textbooks and new Web apps are still repeating the mistakes of the past. I hope to inspire more coders to consider security earlier in the development process.