Web Security Attack and Defense presented at Shakacon 2012

by Jim Manico, Matt Johansen

Summary: This talk will present a fast-paced, wide range of web application security vulnerability categories from both an attack and a defense perspective. The presenters will illustrate the specific vulnerabilities, demonstrate a variety of exploitation techniques, and then demonstrate developer-centric defense methods to stop said attacks deep in code. This same method will be used to evaluate several real-world hacks from 2011 and 2012. Not only will we analyze some recent and devastating real-world web application hacks, but we will also explain how they could have been stopped via defensive coding techniques.