Web Application Security Fundamentals
Major websites are losing customer data left and right, and their brands are losing face because of it. Web application security is more important now than ever before, yet very few developers have a solid grasp of the fundamental concepts and theory behind modern security measures.
This interactive presentation will cover many of the building blocks of modern security, including encryption, database-level security, server security, session management, input sanitization, and password strength. More complex topics, such as OAuth, cross-site scripting, developer security, cloud hosting, etc., will also be touched on if requested. Ideally, each topic will be a relatively dense 5-minute overview hitting the core theory along with an example or two. Topics will be chosen by audience participation (bring your voices).
This talk will not be Drupal-specific, and while examples will be chosen with Drupal in mind, the topics covered should apply to any web application. Details for the talk will be taken from my experience, Security Now, OWASP, and an assortment of security-focused presentations and papers. The talk will assume little to no prior security knowledge, though we won’t spend much time on anything you already know.






