[PLUG-announce] November Meeting: Cargo Cult Security

Steve Meyers steve at plug.org
Wed Nov 12 10:40:01 MST 2014


Date: Tuesday, November 18th
Time: 7:30pm
Location: UVU Business Resource Center

Derrick Isaacson will present common anti-patterns for securing web applications and how to correct them. Learn how to differentiate between authentication, authorization, secrecy, integrity, non-repudiation, and other security goals.

See how* a theoretical "secret" banking request is corrupted to pad an attacker's bank account,* an insecure "session" authentication token is attacked, and* a "random" XSRF value gives a false sense of security.

Just go in the front doors, and follow the signs. We're usually in a conference in the back of the main floor. There will be pizza provided by TekSystems.

http://plug.org/uvu has directions and a map



More information about the PLUG-announce mailing list