Last year I spoke at the Minnesota Government IT Symposium on application security, and I thought it went really well. I ended up with 75 or so attendees (for a 2.5 hour presentation), which I thought was fantastic.
This year I have been honored with being selected to speak again on application security (this time for only one hour) and also on Adobe AIR.
Last year's topic was an "Intro to Web Application Security", so this year I decided to follow up with "Intermediate Web Application Security".
I also submitted a second topic idea on "Building Field Applications with Adobe AIR", which was also selected.
Here are the topic descriptions:
Intermediate Web Application SecuritySo you've learned the basics. You have a good handle on mitigating threats like SQL injection and cross-site scripting. Are your applications secure now? What about threats like request forgeries and session hijacking? Have you given thought to how you are storing passwords or how you are keeping session credentials safe? In this presentation, we will look at application security topics that go beyond the basics.
Building Field Applications with Adobe AIRWeb applications are great. They are easy to build and maintain, cross platform, and accessible from anywhere. Well, almost anywhere. When we are in the field, we don't always have access to web applications. But that doesn't eliminate our need for them. Using Adobe AIR, we can create applications with the same, easy-to-use, cross-platform web technologies, but installed on the desktop in a "sometimes connected" deployment.
My presentations are both next Thursday the 10th of December. My Intermediate Application Security presentation is the last session of the conference. We'll see if I have the draw to keep people there up to the end ;)