Managing Consultant at Foundstone
Dean H. Saxe is a Managing Consultant at Foundstone, A Division of McAfee, where he is responsible for conducting web application penetration testing, threat modeling, code reviews, secure software development lifecycle (S-SDLC) design and implementation, and project management. Prior to joining Foundstone, Dean spent more than 8 years developing web application in Java and ColdFusion in a variety of industries. While working in the banking sector, Dean's interest in application security was sparked and has grown steadily over the past five years. Dean also provides client education services as a lead instructor of these Foundstone courses: Building Secure Software, Writing Secure Code: Java/J2EE, and Writing Secure Code: ColdFusion. Dean holds the CISSP and Certified Ethical Hacker designations.
When not working, Dean enjoying hiking, cooking, homebrewing and traveling the world.
Presentations by Dean H. Saxe
In this seminar we'll examine how attackers can abuse Flash applications for fun and profit. That compiled black-box Flash application is not as opaque as you might think!
In this seminar we'll examine the security concerns around Ajax applications, how they are exploited and how developers can mitigate the risks to their applications. Ajax security begins with a discussion of the Same Origin Policy (SOP) of JavaScript, this is one of the key security features of JavaScript. Next, we'll examine authentication and authorization concerns with Ajax and how the developer can avoid common pitfalls.
See the hacker's toolbox in action as various web applications are ripped open by exploiting simple software bugs. Common problems such as Cross-Site Scripting (XSS) and SQL Injection will be demonstrated and explained, along with more subtle vulnerabilities including privilege escalation, data tampering, and Cross-Site Request Forgery. Even if you've seen XSS and SQL Injection before, advanced techniques will be presented that can slip through many protections.