Bored with ColdFusion security presentations that rehash the OWASP Top Ten? Do this and don't do that with terse snippets of code…
This session was different. David demonstrated the tools that are available to hackers and shows how a web application is attacked live during the webinar. Using the OWASP Top Ten as a guide, he will attack a demo site using a combination of vulnerabilities to an application. Given the recent ColdFusion security issues, this session was a must-attend for any serious ColdFusion developers, administrations, and managers.
Also covered:
- Events in ColdFusion security and hacking
- Overview of OWASP 2013 Top Ten
- Shown how attacks are never a single issue, but combination of vulnerabilities
- See authentication bypass in action
- Q&A
| Date: | Wednesday, June 5, 2013 |
| Time: | 1:00 PM – 2:00 PM EDT |
Bio:
David Epler is a Software Architect with AboutWeb in Rockville, MD. As a member of AboutWeb's solutions team, he has built, deployed, and maintained systems compliant with the most demanding regulations and mandates needed to pass security certification and accreditation for Federal Government clients. He has been developing with ColdFusion since version 4, is an active member of the ColdFusion community, and is an Adobe Community Professional.
David has contributed to several open source ColdFusion projects and frameworks, along with the blog he maintains (www.dcepler.net). He was responsible for creating and maintaining Unofficial Updater 2 (www.uu-2.info) which makes patching ColdFusion 8 and 9 significantly easier before the Hotfix installer was introduced in ColdFusion 10. He also contributed the Security chapter for Learn CF in a Week (www.learncfinaweek.com). David has been a speaker at various user groups and conferences like cf.Objective(), CFUnited, RIACon, and Adobe Government Technology Summit. He also co-mangages the Capital Area Cyber Security User Group in the DC Metro Area (www.meetup.com/Capital-Area-Cyber-Security/)
David spoke at the Rich Internet Application Conference (RIACon) http://www.riacon.com/ August 5-6 at the Silver Spring Convention Center to learn about creating the next generation of web and mobile based applications. RIACon includes networking with fellow industry professionals and community leaders while being exposed to the most up to date skills needed for building great applications leveraging the best technologies available today.
