Episode 128: Web App Security with Bruce Sams

Filed in Episodes on March 7, 2009

Recording Venue: OOP 2009
Guest(s): Bruce Sams

Host(s): Markus
The majority of hacker attacks (around 70%) target weaknesses that stem from problems in the implementation and/or architecture of the application. This session shows how you can protect your web applications (J2EE or .NET) against these attacks. It covers many practical examples and attack techniques, and presents strategies for defense, including a "Secure Software Development Lifecycle". A "Live Hacking" demo rounds it out.

This is a session recorded live at OOP 2009. SE Radio thanks Bruce, SIGS Datacom and the programme chair, Frances Paulisch, for their great support!



Comments (7)


  1. shine says:

    Very interesting post. Thanks a lot for sharing. Keep up the good work.

  2. The0retico says:

    I just want to tell you that this episode was very good. Although there wasn't much new information for me, it was funny, live and amusing. I like the format very much; you tried a demo episode before (MDSD pt. 3, as I recall) and I thought it was quite good. Although one cannot see what exactly you are doing, it gives a taste of what needs to be done. It is also very good to have live questions.
    Please, Markus and the team, keep up the good work :)

  3. cobusk says:

    I think this was one of the best shows yet. Both the style and the subject matter. I would love some more (and perhaps more hands-on) security discussions. It is after all one of the more important topics, as well as one of the most neglected ones.

  4. The0retico says:

    I just wanted to tell you that you have the wrong date on this episode.

  5. Volker says:

    Thank you

  6. johnadams says:

    This episode was very well done. The demos are interesting but lacked the visual element. Would it be possible to post a video recording in the future so that we can see what Bruce and others are demonstrating?

  7. holla2040 says:

    I agree on the best episode comment. I've listened to episode 128 twice now to pick up more details. Any chance of linking to the referenced FBI-generated report on attack sources: external, competition, internal, 'foreigners', etc.?

    As for the demo, I envisioned typing in code as I listened and how my work is inherently insecure. Bruce, please stay away from my work for a little while!
