Greater Atlanta Software Symposium - May 16 - 18, 2008 - No Fluff Just Stuff

Roman Hustad


Software Security Consultant at Foundstone

Roman is a Principal Software Security Consultant at Foundstone, a small division of McAfee that provides security assessment, training, and software design services to corporate and government organizations around the world. After spending most of his life building software, now he figures out ways to break it through penetration testing, threat modeling, and code review. On the proactive side, he leads software design sessions, teaches Java security courses, and participates in the Hacme Books open-source project. In his ever-dwindling spare time Roman enjoys mountaineering, scuba diving, and other outdoor pursuits.

Presentations

What You Don't Know About Cryptography

This session provides a gentle introduction to cryptography, then covers the many subtle mistakes that even experienced developers make when writing cryptographic code.

Web Application Hacking

See the hacker's toolbox in action as various web applications are ripped open by exploiting simple software bugs. Common problems such as Cross-Site Scripting (XSS) and SQL Injection will be demonstrated and explained, along with more subtle vulnerabilities including privilege escalation, data tampering, and Cross-Site Request Forgery.

How to Catch Hackers: Security Auditing and Logging

This session examines the code that developers must write in order to enable the detection of malicious activity and preservation of evidence after a security breach.

How to Do a Security Code Review

This session is a hands-on exercise in Java code review that will cover both manual and automated techniques. If you envision code review as a line-by-line slog through thousands of programs, you will be surprised to learn some effective techniques that reduce the tedium and increase your enjoyment of this activity (well, maybe not the enjoyment part). Familiar methods such as pair programming and peer reviews are a great place to start and will immediately increase the security of your code base.