"GOTO Copenhagen 2014 is designed for software developers, IT architects, agilists, product owners and project managers who want to go into depth with one or more subject areas e.g. Java, .Net, JavaScript, Web, Mobile, Cloud, Lean/Agile, and Architecture. Each training offers a chance to develop your skills and become more effective in your work. The conference includes 8-12 daily trainings. You can choose to sign up for just one training, a two-day training, or join one training each day – it’s completely up to you! Our trainers are authors, experts and practitioners across various areas of software development so you get a chance to learn from and network with the best".

Workshop: "Web Security: How to sleep at night"

Track: Web Security: How to sleep at night / Time: Tuesday 09:45 - 17:30 / Location: Room 8

Money and businesses are becoming increasingly digital and accessible on the Internet. Criminals follow the money and the users, and the news media often cover incidents where sensitive information or money has been lost.
Today, web applications are used to access confidential user and company data, which makes web security an important subject to address.

This training course gives you an introduction to web application security and introduces a number of important up-to-date security vulnerabilities every programmer should address. Live examples are given using real-life and fabricated attacks to demonstrate what the worst case could be if criminals attack an insecure site.

Techniques to discover various vulnerabilities will be demonstrated using publicly available tools, such as developer tools for browsers, proxies and open source security scanners. Finally, the talk will provide an overview of how to prevent the vulnerabilities covered.

Content:

  • Introduction: HTTP, HTML, JavaScript, DOM, Encoding and Browser Policies
  • AJAX and HTML5, Cross-Origin Sharing, Messaging and Storage
  • Authentication, Cookies and Sessions
  • Fingerprinting/Identification of Servers/Applications/Objects
  • Top Vulnerabilities:
    • Cross-Site Request Forgery
    • Cross-Site Scripting
    • (Blind) SQL Injection
    • Clickjacking
  • Securing Internal Applications
  • How to Use Automated Security Scanners
  • Intrusion Detection

Goals and Requirements:

Attendees will learn how to execute, investigate and prevent attacks in theory and practice. Knowledge of web application development is a big plus.

Anders Skovsgaard, Creator of the online scanner Hackavoid.dk

Biography: Anders Skovsgaard

Anders Skovsgaard is the founder of 2600 Security, a company that offers cloud-based automated security scanning of websites and servers. He specialises in web security, and during the last 12 years, while completing a Masters in Computer Science, he has been working as a consultant for a large number of companies, e.g., banks, ISPs, news media, and gambling and energy companies. He began the development of the security scanner more than six years ago; a continuous process that never ends. Anders is passionate about state-of-the-art security vulnerabilities and is happy to share his knowledge with hands-on examples.

Currently, he is completing a PhD in the Data-Intensive Systems group at Aarhus University.