Session en anglais - Introduction
Sécurité
Code injection into web apps is not a new phenomenon. It's been a constant on the web even longer than IE6. It's been around since the very first .cgi scripts were chmod +x'ed, resulting in a chroot 0wn3d.
Code injection is mainly brought about by web programmers not making sure that the input received from users is what was expected.
This talk, will concentrate mainly on XSS injection, but will also talk a little about SQLi and CSRF. We'll go over the kinds of programming mistakes that result in code injection, and how to change your mindset to prevent these issues.
Code injection is mainly brought about by web programmers not making sure that the input received from users is what was expected.
This talk, will concentrate mainly on XSS injection, but will also talk a little about SQLi and CSRF. We'll go over the kinds of programming mistakes that result in code injection, and how to change your mindset to prevent these issues.
Philip Tellis View speaker page
Philip Tellis is a geek who likes to make the computer do his work for him. As part of his job as a performance and security architect, he analyses the impact of various design decisions on web application performance and security. He is also an active opensource developer, writing mostly for the web.In his spare time, Philip enjoys cycling, reading, cooking and learning spoken languages.
