Roman Hustad

Salt Lake Software Symposium

Salt Lake City · June 22 - 23, 2007

You are viewing details from a past event

Software Security Consultant at Foundstone

Roman is a Principal Software Security Consultant at Foundstone, a small division of McAfee that provides security assessment, training, and software design services to corporate and government organizations around the world. After spending most of his life building software, now he figures out ways to break it through penetration testing, threat modeling, and code review. On the proactive side, he leads software design sessions, teaches Java security courses, and participates in the Hacme Books open-source project. In his ever-dwindling spare time Roman enjoys mountaineering, scuba diving, and other outdoor pursuits.

Presentations

Web Application Hacking

See the hacker's toolbox in action as various web applications are ripped open by exploiting simple software bugs. Common problems such as Cross-Site Scripting (XSS) and SQL Injection will be demonstrated and explained, along with more subtle vulnerabilities including privilege escalation, data tampering, and Cross-Site Request Forgery.

What You Don't Know About Cryptography

This session provides a gentle introduction to cryptography then covers the many subtle mistakes that even experienced developers make when writing cryptographic code.

How to Catch Hackers: Security Auditing and Logging

This session examines the code that developers must write in order to enable the detection of malicious activity and preservation of evidence after a security breach.