Fairmont San Jose
170 S Market St
San Jose, CA 95113
Map »

Platinum Sponsors

Dean H. Saxe

Managing Consultant at Foundstone

Dean H. Saxe is a Managing Consultant at Foundstone, A Division of McAfee, where he is responsible for conducting web application penetration testing, threat modeling, code reviews, secure software development lifecycle (S-SDLC) design and implementation, and project management. Prior to joining Foundstone, Dean spent more than 8 years developing web application in Java and ColdFusion in a variety of industries. While working in the banking sector, Dean's interest in application security was sparked and has grown steadily over the past five years. Dean also provides client education services as a lead instructor of these Foundstone courses: Building Secure Software, Writing Secure Code: Java/J2EE, and Writing Secure Code: ColdFusion. Dean holds the CISSP and Certified Ethical Hacker designations.

When not working, Dean enjoying hiking, cooking, homebrewing and traveling the world.

Presentations

Secure Application Development with Ajax

In this seminar we'll examine the security concerns around Ajax applications, how they are exploited and how developers can mitigate the risks to their applications. Ajax security begins with a discussion of the Same Origin Policy (SOP) of JavaScript, this is one of the key security features of JavaScript. Next, we'll examine authentication and authorization concerns with Ajax and how the developer can avoid common pitfalls.

The remainder of the talk will focus on the role of data validation in Ajax based applications. We'll examine how attackers may abuse Ajax applications designed to bypass the SOP (i.e. mash-ups using Ajax proxies), dynamic code injection attacks and proper serialization/deserialization of XML and JSON data.

Web Application Hacking for Web Developers

See the hacker's toolbox in action as various web applications are ripped open by exploiting simple software bugs. Common problems such as Cross-Site Scripting (XSS) and SQL Injection will be demonstrated and explained, along with more subtle vulnerabilities including privilege escalation, data tampering, and Cross-Site Request Forgery. Even if you've seen XSS and SQL Injection before, advanced techniques will be presented that can slip through many protections.

As a finale, the "holy grail" of web security will be broken with a Man-In-The-Middle attack on SSL. Although countermeasures are briefly covered, this is first and foremost a "shock and awe" presentation that will motivate you to secure your applications. Attendees will receive a CD with all the "Hacme" applications used during the presentation so you can practice your new "skillz".

Featured Sessions

Deconstructing Prototype

by Nathaniel Schutta
By now, most developers have (re)discovered the much maligned JavaScript language and the plethora of top notch libraries have helped make this grey b

Data Integration Part I : Beyond Cutesy Mashups

by Brian Sletten
Ever since we started doing relational joins, we've looked for ways to tie data together. When all we had were databases, our integration strategies w

Debugging Ajax

by Venkat Subramaniam
Developing Ajax applications is a lot of fun, up until things stop working. In addition to the general programming complexities, you need to deal wit

Managing Client State Across Domains

by Ron Bodkin
Rich Web apps often need to combine information from different DNS domains, though needs vary from visual mash-ups to deep integration.

Ajax Performance Analysis: Employing the Latest Tools to Get the Job Done

by Ryan Breen
Ajax continues to raise user expectations for interactivity and performance, and developers are increasingly treating Ajax as a must-have component of

JavaScript: The Good Parts

by Douglas Crockford
Hidden deep inside of JavaScript is an elegantly beautiful programming language.

KEYNOTE - The State of Ajax

by Douglas Crockford
With Ajax, a name was given to immediately interactive distributed applications, and the focus of innovation has moved from the browser makers to the

Ajax development with the Yahoo! UI Library and Grails

by Scott Davis
Yahoo! is a company that eats its own dog food. They open sourced the Ajax code that drives many of their own websites, including their eponymous home

KEYNOTE -Beyond Ajax

by Jesse James Garrett
Having trouble separating hype from reality? Where is the Web really headed?

Killer JavaScript Frameworks: Prototype, Script.aculo.us, and Rico

by David Geary
A spinoff of Ruby on Rails, Prototype is a JavaScript framework that makes it easy to implement Ajax functionality. Script.aculo.us and Rico are frame

Filthy Rich Clients with the Google Web Toolkit, Part I

by David Geary
The Google Web Toolkit (GWT) is truly a revolutionary framework that lets you develop Ajaxified web applications without knowing anything about Ajax o

Featured Speakers

Aaron Gustafson

Principal - Easy! Designs, LLC

After getting hooked on the web in 1996 and spending several years pushing pixels and bits for the likes of IBM and Konica Minolta, AARON GUSTAFSON founded Easy! Designs, LLC, a boutique web consultancy. Aaron is a member of The Web Standards Project (WaSP), serves as Technical Editor for A List..More »

David Verba

CTO of Emmett Labs

David Verba is the Technology Advisor for Adaptive Path and the Chief Technical Officer of Emmett Labs. His many years of technical leadership and architecture experience cover a broad range of projects and strategies, including Sun, Java, Oracle, and a variety of open source technologies. David served as Director of Technology for WholePeople.com, a large e-commerce initiative by Whole Foods, Inc., and was a core..More »

David Geary

Author of Graphic Java, co-author of Core JSF, member of the JSF Expert Group

David Geary is the president of Clarity Training, Inc. (corewebdevelopment.com), where he teaches developers to implement web applications using JavaServer Faces (JSF) and the Google Web Toolkit (GWT). A prominent author, speaker, and consultant, David holds a unique qualification as a Java expert: He wrote the best-selling books on both Java component frameworks: Swing and JavaServer Faces. David's Graphic Java S..More »

Eric Miraglia

Engineering Manager, YUI Team

Eric Miraglia has been authoring social web applications since 1995, when he began developing interactive writing spaces for universities; his Speakeasy Studio & Cafe was used by more than 100 universities between 1997 and 2004. Since 2003, Eric has been a part of Yahoos web development community. In 2005, he joined the newly formed YUI team where he serves as an engineering manager. In a few short years, YUI has ..More »

James Williams

Solutions Architect with RedHat

James Williams is a Solutions Architect for the JBoss Division of Red Hat. He is an avid Open Source evangelist that just happens to make a living doing what he loves most, educating others on how they can better use Open Source to make all of their wildest dreams come true. James is also an active Open Source contributor for several projects including Seam and JBoss ESB. He is a big believer in Open Source "chrom..More »

Blogs

Location

Fairmont San Jose
170 S Market St
San Jose, CA 95113
View Map

Stay Informed

Not ready to register yet? Enter your email here to receive update notifications about this event.

Name:
Email: