Nytro Posted April 26, 2013

Hitb 2012 - Defibrilating Web Security

Description:

PRESENTATION ABSTRACT:

Whether you are a consultant or a software engineer, you have probably realized by now that we're not really making a lot of progress on server-side web security. Consultants benefit from the resulting job security, and developers want to focus on building awesome technology without spending a lot of time and energy building reusable security solutions, which are hard. Come and hear about the fallacies of the current approaches and a couple of ideas on how to address some of them. Among other things, this talk will introduce you to a contextual runtime taint tracking system with PoCs in Java and Ruby.

ABOUT MEDER KYDYRALIEV

Meder has been working in the area of application security for nearly a decade. He's poked at, broken, and helped fix a lot of code that businesses and parts of the Internet depend on (Struts2, JBoss Seam, Google Web Toolkit, and Ruby on Rails, to name a few). Some of the things that excite him include: karaoke, server-side security, kumys and making software security easier.

Source: Hitb 2012 - Defibrilating Web Security
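To make the "contextual runtime taint tracking" idea from the abstract concrete, here is a small added illustration in Ruby. It is not the speaker's PoC and is not taken from the talk; the class and method names (TaintedString, Sink, untrusted_param) and the sample request parameters are assumptions constructed for this example. The idea it demonstrates: data from an untrusted source carries a taint mark that survives concatenation, a tainted value cannot be turned into a plain String outside a sink (fail closed), and each sink applies the escaping or binding that its own output context needs, so the developer no longer has to remember which escaper to call where.

```ruby
require 'cgi'

# Marker for data that arrived from an untrusted source. The taint survives
# concatenation; any attempt to use the value as a plain String outside a
# context-aware sink raises SecurityError (fail closed).
class TaintedString
  attr_reader :value

  def initialize(value)
    @value = value.to_s
  end

  # Unwrap either a TaintedString or a trusted plain object to its characters.
  def self.raw(obj)
    obj.is_a?(TaintedString) ? obj.value : obj.to_s
  end

  # tainted + anything => tainted
  def +(other)
    TaintedString.new(@value + TaintedString.raw(other))
  end

  # Implicit (to_str) and explicit (to_s) conversion both refuse: a tainted
  # value must go through a Sink that knows the output context.
  def to_str
    raise SecurityError, 'tainted string used outside a sink'
  end
  alias to_s to_str
end

# Taint source: a request parameter. `params` is a constructed Hash standing
# in for a real request; everything read from it is marked tainted.
def untrusted_param(params, name)
  TaintedString.new(params.fetch(name))
end

# Context-aware sinks. The escaping is chosen by the sink, at the point of
# use, based on the context the data lands in.
module Sink
  ESCAPERS = {
    html: ->(s) { CGI.escapeHTML(s) }, # HTML body / text content
    url:  ->(s) { CGI.escape(s) }      # query-string component
  }.freeze

  # Join fragments for a text context; only tainted fragments are escaped,
  # so trusted markup written by the developer is left intact.
  def self.emit(context, *parts)
    escaper = ESCAPERS.fetch(context)
    parts.map { |p| p.is_a?(TaintedString) ? escaper.call(p.value) : p.to_s }.join
  end

  # SQL context: a tainted value is never interpolated into the statement,
  # it becomes a bind parameter, so it cannot change the query structure.
  # Trusted fragments (e.g. a column name chosen in code) are inlined.
  def self.sql(template, *args)
    binds = []
    sql = template.gsub('?') do
      arg = args.shift
      raise ArgumentError, 'too few arguments for placeholders' if arg.nil?
      if arg.is_a?(TaintedString)
        binds << arg.value
        '?'
      else
        arg.to_s
      end
    end
    raise ArgumentError, 'too many arguments for placeholders' unless args.empty?
    [sql, binds]
  end
end

# True if using the tainted value outside a sink is refused.
def fails_closed?(tainted)
  "#{tainted}" # interpolation calls to_s
  false
rescue SecurityError
  true
end

if $PROGRAM_NAME == __FILE__
  # Constructed request parameters, not real traffic.
  params = { 'name' => '<script>alert(1)</script>', 'q' => 'a b&c' }
  name = untrusted_param(params, 'name')
  q = untrusted_param(params, 'q')
  puts Sink.emit(:html, '<p>Hello, ', name, '</p>')
  puts Sink.emit(:url, '/search?q=', q)
  p Sink.sql('SELECT * FROM users WHERE name = ? ORDER BY ?', name, 'id')
  puts "raw use refused: #{fails_closed?(name + '!')}"
end
```

The two things worth noticing are where the decisions live. Escaping is selected by the sink from the context (`:html` versus `:url` versus SQL binding), not by the code that produced the string, so the same tainted value is rendered correctly in each place it is used. And the failure mode is loud: forgetting the sink and interpolating the value directly raises instead of silently emitting unescaped input, which is the opposite of what happens with plain strings.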