It should be no surprise that as Web 2.0 hits the mainstream, security issues move into the spotlight. Vastly more data is now accessible on the Web, and as individuals and businesses move their computing into the cloud, they want to know that it will be there for them and those they trust, and that it doesn’t fall into the wrong hands. This track looks at technical, design, legal and business aspects of security, from the assumption that true security is not a question of code alone.
It has long been an unfortunate fact that the World Wide Web cannot be safely used by the vast majority of people in the world. In this talk, we will discuss the different groups, techniques, and motivations behind crime on the Internet, with a focus on attacks targeting web users.
We discuss common Flash programming and deployment pitfalls that lead to web security issues such as information disclosure, cross-site request forgery, and cross-site scripting. We demonstrate how attackers find and exploit these issues, and most importantly, we present how developers and system administrators can prevent Flash-based security issues on their websites.
HTTPS is a baseline prerequisite for a secure web application. By measuring bytes on the wire and microseconds elapsed, we can see the exact performance effect of HTTPS vs HTTP. In doing so, we may discover that optimizing other aspects of the application improves latency and throughput more than turning off HTTPS does. We present free tools to help you measure your application.
In this session, Hutchinson will explore the world of online payment fraud and discuss its rapid evolution from lone hackers into global rings of organized crime. Attendees will learn about some of today’s fraud trends as seen through the lens of PayPal’s worldwide payments network.
When you look at many of the prominent website hacking incidents, it becomes obvious that website security is becoming increasingly challenging for today’s corporations. The more we’ve come to understand about the Web, the less secure it seems to get.