Oct 26 – 30, 2009
Lawrence Berkeley National Laboratory
America/Los_Angeles timezone

Web application security

Oct 29, 2009, 9:00 AM
Bldg. 66 Auditorium (Lawrence Berkeley National Laboratory)

1, Cyclotron Road, Berkeley, CA, 94720 USA


Mr Sebastian Lopienski (CERN)


CERN hosts a large number of Web sites (CERN-related, but also private), both on central Web Services and on machines managed by particular Web site owners. Some of these Web sites are actually interactive Web applications developed in languages like PHP, ASP, Java, Perl, Python etc., and unavoidably a fraction of them have bugs making them vulnerable to attacks such as Cross Site Scripting (XSS), Code/SQL Injection, Cross Site Request Forgery (CSRF), and so on. To address this issue, several Web application vulnerability assessment tools have been evaluated at CERN, and the chosen ones are used to find vulnerabilities before the attackers do. This talk will discuss the choice of tools, the findings, and suggestions on how Web application security can be improved in large organizations.

