Session Title

Crash Course in Brain Surgery

Abstract

Crash Course in Brain Surgery (by "brain" I mean "application",
and by "surgery" I mean "security").

Since Codebits is mainly a coder/developer conference, this presentation will be about developing applications securely, primarly Web applications. As we have seen this year, most "standard" flaws, such as XSS and SQLinjection are still being found and exploited in low and high profile applications (remember the Heartland Payment Systems breach, using SQLinjection, where millions of CC numbers were stolen, or the BarackObama.com website ?), even though these vulnerabilities have been known for almost a decade. My talk focuses on raising awareness on the need for developers to think about security, and integrating security throughout the software development lifecycle, helping developers understand the problems, and how these can be avoided. In the talk I'll try to show different types of flaws (language agnostic), from technical flaws (XSS/CSRF/SQLi/etc), to design flaws, business logic flaws, access control flaws, etc, as well as sharing real world examples and experiences from different applications which have #failed.

Language

Portuguese

Speakers

Bruno Morisson

Geek. Security evangelist. Security professional. PenTester. Auditor. Consultant. Been using computers for as long as I can remember. And I remember a lot. Working in computer security for over 10 years. Did almost everything in security, from development (in C, Perl and Python), to R&D of security products, to exploit writing, to training and teaching. Speaker @ Codebits 2009, and loved every bit (pun intended). (more)


Where

Stage 1

When

Friday, 4 of December of 2009, from 12:00 to 13:00

Files and video

Video

Slideshare

Attendees

Alexandre Amaral de CarvalhoAlexandre Amaral de Carvalho André CruzAndré Cruz Andreia GaitaAndreia Gaita Bernardo RaposoBernardo Raposo Bruno Miguel Bota BarretoBruno Miguel Bota Barreto Bruno MorissonBruno Morisson Bruno SilvaBruno Silva Carla Vanessa F. A. LeiteCarla Vanessa F. A. Leite Carlos MoutinhoCarlos Moutinho Carlos RodriguesCarlos Rodrigues Cátia NunesCátia Nunes David Emanuel da SilvaDavid Emanuel da Silva David José Vaz cruzDavid José Vaz cruz David JúlioDavid Júlio Dinis CorreiaDinis Correia Filipe CruzFilipe Cruz Filipe VarelaFilipe Varela Francisco AscençaoFrancisco Ascençao Jean FigueiredoJean Figueiredo João Miguel Forte OliveirinhaJoão Miguel Forte Oliveirinha João Paulo CarvalhoJoão Paulo Carvalho João Paulo Martins MachadoJoão Paulo Martins Machado João Pedro PereiraJoão Pedro Pereira João PoupinoJoão Poupino joão ramosjoão ramos João Rui MartinsJoão Rui Martins Jorge Miguel Ferreira AlvesJorge Miguel Ferreira Alves José Manuel CanelasJosé Manuel Canelas José Rodrigues da Mata FernandesJosé Rodrigues da Mata Fernandes José Vasco Fidalgo PatrícioJosé Vasco Fidalgo Patrício Luís CoutoLuís Couto Luis NabaisLuis Nabais Luís Pedro Zamith de Passos Machado FerreiraLuís Pedro Zamith de Passos Machado Ferreira Márcio MoreiraMárcio Moreira Marco NevesMarco Neves Nuno DantasNuno Dantas Nuno CardosoNuno Cardoso Paula ValencaPaula Valenca Pedro CavacoPedro Cavaco Pedro DiogoPedro Diogo Pedro FrazãoPedro Frazão Pedro Moura PinheiroPedro Moura Pinheiro Renato LourençoRenato Lourenço Ricardo AugustoRicardo Augusto Ricardo Dias MarquesRicardo Dias Marques Ricardo SantosRicardo Santos Rogério MachadoRogério Machado Rui LopesRui Lopes Tiago Boldt SousaTiago Boldt Sousa Tiago HenriquesTiago Henriques Tiago MendoTiago Mendo Tiago SerraTiago Serra Tomás SenartTomás Senart Wilson Manuel Sousa AlbertoWilson Manuel Sousa Alberto


Estimated head count: 93 people
(based on the total of persons interested in this talk and the universe of people attending Codebits)




Information

Past editions

Social