BSides Austin 2012 Follow-Up: Software Vulnerability Management: Remediating SQL Injection and Cross-Site Scripting

As expected, BSides Austin 2012 was a blast. I don’t know what it is about the BSides events, but they always draw a fun crowd; Austin 2012 was no different. I gave a short training class on software vulnerability management with some specific examples on fixing SQL injection and Cross-Site Scripting (XSS). I’d have to say the most interesting part of the class for me was the discussion about how to determine what vulnerabilities to fix as well as how improving software development practices in other areas (continuous integration, automated testing, DevOps-style deployment and so on) makes fixing vulnerabilities cheaper and easier.

Slides are online here:

The abstract for the short training session was:

The OWASP Top 10 lists injection flaws and cross-site scripting (XSS) as the two most significant application security risks (https://www.owasp.org/index.php/Top_10_2010-Main). This training session will walk through methods for fixing identified SQL injection and cross-site scripting vulnerabilities, highlighting common mistakes that are made as well as more secure approaches. Code examples will be provided for popular platforms including Java EE and ASP.NET.
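The abstract above names the two remediations the session covered, so here is an added, runnable illustration of both. It is my example, not code from the slides (which used Java EE and ASP.NET); it uses Python with an in-memory SQLite table and constructed sample users so it runs offline. It puts the string-concatenated login query beside its parameterized form, and unencoded HTML output beside HTML-body-context encoding. The table, user names, passwords and payloads are all constructed for the demo.

```python
import html
import sqlite3

# Constructed sample data for the demo (not from the original post).
# Plaintext passwords are used only to keep the example short.
USERS = [("alice", "alice-secret"), ("bob", "bob-secret")]

# Classic tautology payload: the closing quote ends the string literal
# and the OR clause makes the WHERE condition true for every row.
INJECTION = "' OR '1'='1"

# Constructed reflected-XSS payload.
XSS_PAYLOAD = "<script>alert(1)</script>"


def make_db():
    """Create an in-memory SQLite database with a users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Common mistake: building the query by string concatenation.

    Attacker-controlled input is spliced into the SQL text, so quotes in
    the input become SQL syntax. Returns the matched username or None.
    """
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Fix: a parameterized query.

    The SQL text is fixed; the driver passes the values separately as data,
    so a quote in the input can never change the structure of the query.
    """
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def render_greeting_vulnerable(name):
    """Common mistake: reflecting untrusted input into HTML unencoded."""
    return "<p>Hello, " + name + "</p>"


def render_greeting_safe(name):
    """Fix: output encoding for the HTML body context.

    html.escape turns <, >, &, " and ' into character references, so the
    browser renders the payload as text instead of parsing it as markup.
    Attribute, JavaScript and URL contexts each need their own encoder.
    """
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    print("concatenated query, injected password:",
          login_vulnerable(db, "alice", INJECTION))   # a user is returned
    print("parameterized query, injected password:",
          login_safe(db, "alice", INJECTION))         # None
    print("unencoded:", render_greeting_vulnerable(XSS_PAYLOAD))
    print("encoded:  ", render_greeting_safe(XSS_PAYLOAD))
```

The concatenated version lets a bogus password through because the tautology rewrites the WHERE clause; the parameterized version treats the same string as an ordinary (wrong) password. For XSS, note that the encoder shown is correct only for text placed in the HTML body; a value dropped into an attribute, a script block or a URL needs the encoder for that context.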

Contact us for help managing your software and application vulnerabilities. 

–Dan

dan _at_ denimgroup.com

@danielcornell


About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.

One Response to “BSides Austin 2012 Follow-Up: Software Vulnerability Management: Remediating SQL Injection and Cross-Site Scripting”

  1. Andrew Borman

    Hehe. I wonder when XSS will die…
