Chris Holland

Practical Security for Web Applications

Explore effective methods to identify & avoid the most common and devastating security pitfalls in Web Applications.

When it comes to an enterprise's exposure to security vulnerabilities, one could easily argue that its web presence is by far its greatest threat. There are many ways to build vulnerable applications and a few effective ways to "build them right". We'll instrument you to stay on right side of this equation.

Agenda:

Basic Resources and Tooling
=====================

* We'll look at the OWASP Top 10
* Open-Source Code Analysis for your CI/CD
* Open-Source Security Scanning

Low-level Threat Avoidance
====================

* Avoiding SQL Injections -- Dangers of not properly-using an ORM
* Avoiding CSRF
* Avoiding XSS --- Data Scrubbing --- Data Rendering

Application Threat Avoidance
=====================

* User Authentication / Password Hashing
* OAuth Security
* Resource Access -- Multi Tenancy: Users & Companies


Chris Holland

Director, Engineering, TriNet

Chris Holland leads a small Software Engineering Team at an HR company. Throughout a career spanning more than 20 years, Chris has held Sr. Engineering and Leadership roles for small and large successful publicly-traded companies such as EarthLink and Internet Brands, serving business models across Content, Commerce, Travel & Finance on a wide variety of technology stacks including PHP/LAMP, Java/J2EE and C#/.Net, catering to audiences over 100 million monthly visitors.

Chris's full speaker profile