The Case Of Promiscuous Parameters And Other Ongoing Capers In Web Security

Presented at OWASP Appsec 2009 by

Security is harder than it looks: seemingly innocuous programming constructs can turn a cool project into a time bomb. The prevalence of “safe” languages like Java and C#, combined with an ever-increasing number of abstraction layers, is making vulnerabilities like buffer overflow and SQL injection things of the past. But is security on the Web getting better universally? This talk takes a deep dive into modern web programming paradigms and frameworks, including ASP.NET, Spring and Struts, to demonstrate security anti-patterns that every developer on the Web needs to grok.