Last year, after attending cf.Objective(), I became really excited about blogging and learning more, and presenting something at cf.Objective() 2009 because a personal goal. I even added it to my list of goals for 2009 on my annual review at work. Now it looks like I will achieve that goal. Sweet.
As any who read this blog knows, I am very interested in Application Security. I enjoy reading about and researching it, and I really enjoy testing it. I have spent many a Saturday afternoon and evening trying to exploit ColdFusion, databases, web forms, etc in ways that I see described in books and blog posts concerning other environments.
Since cf.Objective() is the "World's Only Enterprise Engineering Conference for ColdFusion Programmers", I am going to skip the "Intro to AppSec" presentation that I have done before. I think it is below the general demographic of cf.Objective() and I think I and many others are getting a little board with hearing about SQL injection attacks. This presentation will be about some more intermediate to advanced topics in Application Security.
My first pledge to you is that I will not talk about <cfqueryparam>. Everyone should know about SQL injection attacks, and if they don't, there are countless resources explaining it. I am not going to waste your time. There are more interesting and enjoyable topics that people need to know about. Some of the things I will discuss are:
- Request Forgeries
- Password Security
- Session Security
- Cookie Security
- Input Validation
I'm really looking forward to it. I think it is going to be a blast. Last year was my first CF conference. I met so many awesome people and had such a great time. The networking alone was worth the price of admission. As a speaker I will be in great company, but as an attendee I will be in amazing company.
I'd like to thank the cf.Objective() selection committee for giving me a chance and for making the process easy and enjoyable.