Looks like I'll be presenting at cf.Objective()

Last year, after attending cf.Objective(), I became really excited about blogging and learning more, and presenting something at cf.Objective() 2009 became a personal goal. I even added it to my list of goals for 2009 on my annual review at work. Now it looks like I will achieve that goal. Sweet.

As anyone who reads this blog knows, I am very interested in Application Security. I enjoy reading about and researching it, and I really enjoy testing it. I have spent many a Saturday afternoon and evening trying to exploit ColdFusion, databases, web forms, etc. in ways that I see described in books and blog posts concerning other environments.

Since cf.Objective() is the "World's Only Enterprise Engineering Conference for ColdFusion Programmers", I am going to skip the "Intro to AppSec" presentation that I have done before. I think it is below the general demographic of cf.Objective() and I think I and many others are getting a little bored with hearing about SQL injection attacks. This presentation will be about some more intermediate to advanced topics in Application Security.

My first pledge to you is that I will not talk about <cfqueryparam>. Everyone should know about SQL injection attacks, and if they don't, there are countless resources explaining it. I am not going to waste your time. There are more interesting and enjoyable topics that people need to know about. Some of the things I will discuss are:

  • Request Forgeries
  • Password Security
  • Session Security
  • Cookie Security
  • Input Validation

I'm really looking forward to it. I think it is going to be a blast. Last year was my first CF conference. I met so many awesome people and had such a great time. The networking alone was worth the price of admission. As a speaker I will be in great company, but as an attendee I will be in amazing company.

I'd like to thank the cf.Objective() selection committee for giving me a chance and for making the process easy and enjoyable.

Comments
Awesome, Jason! Dude, we need to talk ... sounds like we're on the same track, except my talk will focus on security "testing".

bill
# Posted By bill shelton | 1/29/09 9:34 AM
@Bill, I look forward to it. I was just asking someone a few weeks ago about ways to incorporate security testing into unit testing and integration testing. I am still a testing novice.
# Posted By Jason Dean | 1/29/09 9:45 AM
Congrats Jason. I look forward to meeting you in May.
# Posted By Bob Silverberg | 1/29/09 12:46 PM