Web app security – the best bits

Security is paramount for applications delivered over the Internet. We’ve put a lot of energy into our own development practices, and recently we’ve been sharing some of the things we have learnt and refined with developer audiences around New Zealand.

Over the last six months I’ve been presenting on different aspects of web security to about 350 developers at user group meetings, Code Camps, conferences and to some of our partners. The main focus has been on understanding the potential threats in a web environment, sharing some of our experiences, and offering some best practice on how to protect your applications.

Monday at the OWASP New Zealand day was a lot of fun. I co-presented with Andy Prow from Aura Software Security. We had two participants up the front sparring with giant boxing gloves while I protected our sample ASP.NET application from Andy’s ‘hacking’ attacks.

There was lots to learn from the various sessions – most surprising to me was the lack of security around Firefox Extensions. In a session presented by Roberto Suggi Liverani and Nick Freeman from Security-Assessment.com, we saw the sorts of bad behaviour a Firefox extension can get up to without you realising. Moral of the story: don’t install extensions that you don’t trust!

We also heard about the 2 million unprotected credit card numbers found on NZ companies’ infrastructure, how small security issues can be compounded when chained with other issues, how SOAP web services can be tested, and how after 10 years we’re still making the same mistakes again and again.

All the talks were recorded, so I expect at some stage the videos and slides will end up at the OWASP NZ website. So if you’re a developer or architect, come along to user group meetings to learn more about web security. The OWASP guidelines are also available for free from the OWASP site.

If you’re a .NET development shop or Xero partner, I’d be happy to come along and present to you and your team for an hour or so.
