The web development community has seen a rise in new web frameworks that give organizations of all sizes the opportunity to decrease development time and increase productivity. Frameworks such as Play! and Node.js, as well as their supporting APIs, allow development staff to quickly and efficiently create and ship a product. But with these new frameworks come the same security issues that have plagued the web for years. This talk will show how frameworks such as Spring and Django have solved these issues in the past, identify gaps in the newer frameworks, and provide code examples and helpful solutions to address these concerns within the frameworks discussed.
Bio:
Mike
------
Mike McCabe is a senior application security consultant at nVisium Security. In his free time he likes to build and hack on open source projects. He's a big fan of Burp and set -o vi in his bash profile. Mike also serves as a board member for the OWASP NoVa chapter.

Ken
-----
Ken Johnson is the CTO of nVisium Security, an application security firm. Prior to nVisium, Ken and Mike worked together to build LivingSocial’s application security program. Ken co-authored the Railsgoat project, the Web Exploitation Framework (wXf), and a ton of caffeine-induced code that should be banned from all source code repositories for public health reasons.