Zane Lackey, Etsy

"Zane Lackey leads the security groups at Etsy, the world’s marketplace of creative independent businesses. Prior to Etsy, Zane was a Senior Security Consultant at iSEC Partners with a focus in the fields of mobile and web application security.

His research has been featured in notable media outlets such as the BBC, Associated Press, Forbes, Wired, CNET, SC Magazine and numerous others. A frequent speaker at top industry conferences, he has presented at BlackHat, RSA, Microsoft BlueHat, Toorcon, DeepSec, SANS, OWASP, guest lectured at NYU, and in 2010 was named as one of 12 prominent security researchers by Network World magazine.

He is a contributing author of Mobile Application Security (McGraw-Hill), a co-author of Hacking Exposed: Web 2.0 (McGraw-Hill), and a contributing author/technical editor of Hacking VoIP (No Starch Press). He holds a Bachelor of Arts in Economics with a minor in Computer Science from the University of California, Davis."

Presentation: "Web application security for dynamic languages"

Track: Dynamic Languages for the Web

Time: Friday 16:00 - 16:50

Location: Seacliff AB

Abstract:

"Building a worldwide marketplace at scale, Etsy has overcome a number of application security challenges. This presentation will focus on new and interesting approaches to application security problems posed by dynamic languages in a continuous deployment environment.

Specifically, this presentation will cover useful security systems such as automatic vulnerability and application fault detection, effective platform defenses for XSS/SQLi, practical security alerting mechanisms, and visualizations of security related data. This talk demonstrates specific PHP code patterns and implementation examples of application defenses, as well as how to create security mechanisms using free tools that improve security posture without commercial security products."