CODE REVIEWING WEB APPLICATION FRAMEWORK BASED APPLICATIONS (STRUTS 2, SPRING MVC, RUBY ON RAILS (GROOVY ON GRAILS), .NET MVC)

Black Hat USA 2012

Presented by: Abraham Kang
Date: Wednesday July 25, 2012
Time: 14:15 - 18:00
Location: Florentine
Track: Applied Workshop I

This workshop will give participants an opportunity to practically review Web Application Framework based applications for security vulnerabilities. The material in this workshop provides the hands-on experience that one would need to quickly understand each web application framework (Struts 2, Spring MVC, Ruby on Rails (Groovy on Grails), .NET MVC, Zend PHP, and Scala Play) and identify vulnerabilities in applications using those frameworks. Sample applications are provided with guided tasks to ease participants into understanding the nuances of each framework and the overall steps a code reviewer should follow to identify vulnerabilities.

Abraham Kang

Currently am a Principal Security Researcher with HP Fortify. Have been focused on Application Security for over 8 years, working as a Security Architect, Security Code Reviewer/Vulnerability Researcher and Principal Security Researcher. Contributed content and articles for the OWASP Guide and OWASP Cheat Sheets. Have been a developer since 1996. Have a Bachelor of Science from Cornell University and Juris Doctor from Lincoln Law School of San Jose.

