Although Java offers some great security ‘features’, this talk will address the lack of ‘built-in’ security when you develop your web applications. Security is not an on/off button or a parameter you activate for your deployment! Some real-world hacks will be demonstrated to show how easy it is to break the confidentiality or integrity of your data, and how easy it is to break your web application! To finish on a positive note: it IS possible to do it the right way. The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security “visible,” so that people and organizations can make informed decisions about application security risks. OWASP tools and methodologies such as OWASP Java security, source code security review and the Enterprise Security API provide developers with a massive advantage over organizations that are trying to deal with security using existing ad hoc secure coding techniques.
I haven’t finished listening to the entire preso yet, so perhaps you correct this at some point – but *my understanding* is that Hibernate does not use stored procedures to get around SQL injection, rather it uses prepared statements.
Great preso in either event.
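The point raised in the comment above, that parameter binding rather than stored procedures is what stops SQL injection, is easiest to see side by side. The following is an added example, not code from the talk or from Hibernate; it uses Python's built-in sqlite3 module so that it runs offline, but the mechanism is the same one JDBC `PreparedStatement` and Hibernate's parameter binding rely on: the statement text is compiled with placeholders first, and user-supplied values are bound afterwards as data only. The table, user names, passwords and `login_*` functions are constructed for the example; whether a stored procedure is safe depends on whether it builds dynamic SQL internally, which is not demonstrated here.

```python
import sqlite3

# Constructed sample data: a tiny in-memory users table standing in for the
# application's real database (hypothetical names and values).
SAMPLE_USERS = [
    (1, "alice", "s3cret", "alice@example.com"),
    (2, "bob", "hunter2", "bob@example.com"),
    (3, "carol", "letmein", "carol@example.com"),
]


def make_db():
    """Create an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, email TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_concat(conn, username, password):
    """Vulnerable: input is spliced into the SQL text, so the parser treats it as SQL."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_prepared(conn, username, password):
    """Safe: the statement is compiled with '?' placeholders and the values are bound
    afterwards, so a quote or keyword in the input can only ever be data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def demo():
    """Run both implementations against a normal login and two classic payloads."""
    conn = make_db()
    # Tautology payload: turns the WHERE clause into '... OR 1=1' and logs in as everyone.
    tautology = "' OR '1'='1"
    # UNION payload: appends a second SELECT that leaks the password column
    # (breaks confidentiality, not just authentication).
    union = "' UNION SELECT password FROM users --"
    return {
        "concat_normal": login_concat(conn, "alice", "s3cret"),
        "concat_injected": login_concat(conn, "nobody", tautology),
        "concat_union": login_concat(conn, "nobody", union),
        "prepared_normal": login_prepared(conn, "alice", "s3cret"),
        "prepared_injected": login_prepared(conn, "nobody", tautology),
        "prepared_union": login_prepared(conn, "nobody", union),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:18s} -> {rows}")
```

With the concatenated query the tautology payload returns every user and the UNION payload returns the password column; the prepared statement returns exactly one row for the real credentials and nothing for either payload, because the bound string `' OR '1'='1` is compared literally against the password column. Hibernate's HQL and Criteria queries bind parameters the same way, which is why the usual advice is to use `:named` or positional parameters and never to build HQL or native SQL by string concatenation.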