Tutorial 1.A - Writing secure code

Presenter: Erez Metula, IBM.

Tutorial Abstract

Secure programming is the last line of defense against attacks targeted at our systems. This seminar is an introduction to application security threats, demonstrating the security problems that exist in corporate systems with a strong emphasis on application security and secure coding. During the seminar the instructor will demonstrate real-world attacks on live applications and web sites, in order to give the students the required understanding of software vulnerabilities, how they can be exploited, the tools used by attackers, and so on. Attendees will have a chance to witness the effectiveness of real-world attacks such as SQL Injection, XSS (Cross-Site Scripting), CSRF (Cross-Site Request Forgery), Command Injection, and other interesting attacks. Using such attacks, we'll understand how sensitive database records can be stolen, how an innocent user can be made to perform actions without even being aware of doing so, how denial-of-service conditions are caused, and so on. We'll later understand how to avoid such vulnerabilities by following secure coding best practices and incorporating security into the software development lifecycle. The seminar covers the major security vulnerabilities and secure coding best practices for developing web applications and server-based services, while focusing on modern application development platforms such as Java and .NET.
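As an added illustration of the first attack the abstract names, and of the secure coding practice that defeats it, here is a small SQL injection demonstration. This is example code written for this page, not material from the seminar or from the presenter; it uses Python's built-in sqlite3 module and a constructed in-memory user table so it runs offline, standing in for the Java and .NET database APIs the seminar targets (both of which offer the same parameterized-query pattern). The table layout, user names and the hostile input string are all constructed for the demo.

```python
import sqlite3


def build_demo_db():
    """Create a constructed in-memory table standing in for a corporate user database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, secret) VALUES (?, ?)",
        [("alice", "alice-secret"), ("bob", "bob-secret"), ("carol", "carol-secret")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable form: the user-supplied value is concatenated into the SQL text,
    so it is parsed as SQL rather than treated as data."""
    query = "SELECT username, secret FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    """Hardened form: the value travels separately from the SQL text as a bound
    parameter, so the driver never interprets its contents as SQL."""
    query = "SELECT username, secret FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def demo():
    """Run both lookups with a benign input and with a constructed hostile input
    and return the four result sets so the difference can be compared."""
    conn = build_demo_db()
    benign = "alice"
    # Constructed hostile input: closes the quoted literal and appends an
    # always-true condition, so the concatenated query matches every row.
    hostile = "x' OR '1'='1"
    return {
        "vulnerable_benign": lookup_vulnerable(conn, benign),
        "vulnerable_hostile": lookup_vulnerable(conn, hostile),
        "safe_benign": lookup_parameterized(conn, benign),
        "safe_hostile": lookup_parameterized(conn, hostile),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The vulnerable lookup returns only Alice's row for the benign input but every user's secret for the hostile one, which is the "sensitive database records can be stolen" outcome the abstract describes. The parameterized lookup returns Alice's row for the benign input and no rows at all for the hostile one, because it searches for a user literally named `x' OR '1'='1`. In a code review, string concatenation or formatting of untrusted input into SQL text is the pattern to flag; the fix is to use the platform's bound-parameter API (PreparedStatement in Java, SqlParameter in .NET) for every value that originates outside the application.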

Erez Metula is a world-renowned application security expert who spends most of his time finding software vulnerabilities and teaching developers how to avoid them. Erez has extensive hands-on experience performing security assessments, code reviews and secure development training for organizations worldwide, and has previously spoken at international security conferences such as BlackHat, Defcon, OWASP, RSA, SOURCE, CanSecWest and more. His latest research on Managed Code Rootkits, presented at major conferences throughout the world, was recently published as a book by Syngress. He is the founder of AppSec Labs, where he works as an independent consultant focusing on advanced application security topics.