<<< Previous speaker Next speaker >>>

Jeff Williams, Aspect Security

Jeff Williams

Jeff Williams is the founder and CEO of Aspect Security, the leading provider of application security services (http://www.aspectsecurity.com).

Jeff also serves as the volunteer Chair of the Open Web Application Security Project (OWASP), a free and open source organization dedicated to finding and fighting the causes of insecure software (http://www.owasp.org).

Jeff has been writing code for 25 years, speaks frequently on application security, and has published numerous papers on practical risk and assurance techniques. Jeff holds advanced degrees in psychology, computer science, and human factors, and graduated cum laude from Georgetown University Law Center.

Presentation: "Establishing Your Organization's Enterprise Security API"

Time: Wednesday 14:30 - 15:30

Location: Stanford

Abstract:

Every organization should define a standard way for developers to perform common security-related actions - authenticating, access control, validation, encoding, encryption, logging, error handling, and more.

In this talk, Jeff will discuss the process of establishing a security API for your enterprise, focusing on the most critical methods needed by web application and web service developers.

Jeff will also share experiences developing the OWASP Enterprise Security API (ESAPI), which is a free and open-source project building an ESAPI and a full Java EE reference implementation.

Password protected Download slides

Presentation: "Perfect Storm - Stopping New Attacks in a Web 2.0 World"

Time: Wednesday 16:00 - 17:00

Location: Stanford

Abstract: In this session, Jeff will discuss web application threats arising out of rich client and "Web 2.0" technology such as Javascript, Ajax, and Flash that have recently become extremely dangerous. He'll focus on "Cross-Site Request Forgery" (CSRF) and "Advanced XSS" vulnerabilities that can be found in the vast majority of current web applications. The talk will cover maintaining security as the trust boundary shifts between client and server in enterprise application architectures.

Password protected Download slides