Cross-site request forgery vulnerabilities are often poorly understood and considered a low priority, making them strong candidates for exploitation. This session will feature an attack demonstration against a web application that utilizes a Java stack, followed by a defense demo using OWASP CSRFGuard.
John is an application developer with 10+ years of experience, focusing on product development and application security. He works for RIT, serves as an officer of the Rochester chapters of OWASP and ISSA, and assists with the annual Rochester Security Summit.