http://www.slideshare.net/DerrickIsaacson/cargo-cult-security-programming-at-openwest https://github.com/disaacson/cargo-cult-security
On 11/18/2014 10:40 AM, Steve Meyers wrote:
Date: Tuesday, November 18th Time: 7:30pm Location: UVU Business Resource Center Derrick Isaacson will present common anti-patterns for securing web applications and how to correct them. Learn how to differentiate between authentication, authorization, secrecy, integrity, non-repudiation, and other security goals. See how* a theoretical "secret" banking request is corrupted to pad an attacker's bank account,* an insecure "session" authentication token is attacked, and* a "random" XSRF value gives a false sense of security. Just go in the front doors, and follow the signs. We're usually in a conference in the back of the main floor. There will be pizza provided by TekSystems. http://plug.org/uvu has directions and a map /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
