Speaker: Mr Sebastian Lopienski (CERN)
Description
CERN hosts a large number of Web sites (CERN-related, but also private), both on the central Web Services and on machines managed by individual Web site owners. Some of these Web sites are in fact interactive Web applications developed in languages such as PHP, ASP, Java, Perl or Python, and unavoidably a fraction of them have bugs that make them vulnerable to attacks such as Cross-Site Scripting (XSS), Code/SQL Injection, Cross-Site Request Forgery (CSRF) and so on. To address this issue, several Web application vulnerability assessment tools have been evaluated at CERN, and the selected ones are used to find vulnerabilities before attackers do. This talk will discuss the choice of tools, the findings, and suggestions for how Web application security can be improved in large organizations.
Author: Mr Sebastian Lopienski (CERN)