The awesome folks at CFinNC have notified me that they selected one of my topics for their conference in the Raleigh/Durham area of North Carolina. I am very excited to have been selected and to visit a new state. I have never been to North Carolina, so that will be a great experience to. Not to mention getting to see old friends and make new ones. Here is the topic description:
Intro to Securing CFML Applications
This presentation will be an introduction to application security and an introduction to securing CFML applications. We will look at what it means for an application to be "secure", we'll discuss several general principles of application security, and we'll look at some of the basic threats against our applications and countermeasures to mitigate the risk of those threats.
We'll look at topics like:
- What is a "secure" application
- Principle of least privilege
- Failing securely
- Positive security model (white-listing)
- SQL Injection
- Cross-Site Scripting
I am really looking forward to this. This is an important topic and a fun one for me to talk about.