Web Security Day

Date:

Wednesday, October 30, 2013

Insufficient web application security opens the door to theft and abuse of data. Unidentified security issues can already lurk in an application’s architecture. That is why selective measures are often not enough. Instead, there is a need for a multi-layered security architecture that covers all aspects. Web Security Day will set out to highlight all these aspects and will provide participants with useful tips for securing their applications.

JavaScript-Security

german

Session

Date: 

Wednesday, October 30, 2013 - 9:00am to 10:00am

Room: 

  • Großer Saal

When most of the logic takes place in JavaScript, the greater part of the security risks also finds its home there. And attackers find an interesting new environment in JavaScript, because the language itself and its homes in the browser and Node.js bring many new problems. This is exactly where the talk picks up: the surprising differences between JavaScript and other languages when it comes to security, and the risks and peculiarities of browsers and other JavaScript engines such as Node.js.

Mayflower GmbH

Getting started with Static Code Analysis the Right Way

english

Session

Date: 

Wednesday, October 30, 2013 - 10:30am to 11:30am

Room: 

  • Forum 12

Static Code Analysis is a proven way to find and eliminate security vulnerabilities in your code before they end up in a production environment. Despite this, many attempts to introduce it end in failure as it is often perceived as creating more work than value. Based on our experiences we will discuss common mistakes made when introducing Static Code Analysis and present strategies for a successful integration of this crucial security tool.

Deutsche Telekom

OWASP Top 10

german

Session

Date: 

Wednesday, October 30, 2013 - 1:45pm to 2:45pm

Room: 

  • Forum 12

At the latest since the recent XSS and CSRF attacks on Twitter, PayPal and Facebook, it has been clear that security is still a major problem. The Open Web Application Security Project (OWASP) therefore publishes a new top 10 list of the most dangerous attack scenarios every three years. In this talk we will look at the most recent list. The possible attack scenarios will be shown, along with how to protect against them.

Sitewards GmbH

Integrating Security in your Web Application Project: when and how?

english

Session

Date: 

Wednesday, October 30, 2013 - 3:00pm to 4:00pm

Room: 

  • Forum 12

Whether you work at a software-producing or a software-consuming organization, there is a high probability that you have approached security by combining penetration testing with devops security training. While these two activities may sound sufficient in many environments, they remain subject to limitations that greatly reduce an organization's ability to identify and fix problems while they are still "cheap". For example: What if the application gets updated frequently? What if the penetration testers forgot to perform some tests?

Secure Identity Management with SCIMv2 and OAuth2

english

Session

Date: 

Wednesday, October 30, 2013 - 4:30pm to 5:30pm

Room: 

  • Großer Saal

Securing account and identity data is one of the biggest challenges in the web industry. Every week we receive reports from websites that have been compromised, and details of millions (https://www.pwnedlist.com/) of leaked accounts are available to anyone who is interested. Delivering function-focused websites often does not allow developers to work on security features in detail. With the prominent market standards OAuth2 and SCIMv2 it becomes easy to protect identity data for everyone. The talk will have three focus areas: 1.

tarent AG