Seminar 18A - Web Application Security
PLEASE NOTE: Separate registration and fee is required to attend this seminar.

Tuesday, October 28 | 9:30a.m. - 1:00p.m. | Room W331
Session Type: Professional Development
Easily accessible, simple instructions on how to attack a website are freely available to teenagers or professional hackers in the black market of personal data. Attacks such as URL rewriting, cross-site scripting, and SQL injection permit the most deadly form of application hacking, allowing intruders to access your data. Although a firewall is good protection, it is the beginning of a security strategy and does not protect a web application from these kinds of exploits. This session will demonstrate and explain common application hacks, defense techniques, and countermeasures. We will share various open source and vendor scanning tools that can be used to detect application security vulnerabilities and review OWASP's WebGoat as a security learning tool. You will also learn emerging practices on how to incorporate quality and security assurance into your software development life cycle or software acquisition. Sample checklists will be provided that can be used as part of a security review process.

Speakers

  • Marina Arseniev

    Director - Central Services Division, University of California, Irvine
  • Neil Matatall

    IT Security Engineer, University of California, Irvine

Resources & Downloads