ESAPI and ColdFusion, or 'Security, Authentication and Encoding, oh my!'

In this session, we'll take a look at how to secure enterprise level applications (and anything else in between) using the open source Enterprise Security API (ESAPI) developed by OWASP.

Starting with a look into the simplest implementation of ESAPI's built-in encodeForXXX functions to assist in blocking potential XSS attacks, we'll also delve into the more in-depth authentication protocols, session handling and user access, as well as the access controller to ensure user roles and priviliges are persisted and the correct access to application pages are dealt with.

Also topics to cover (in some detail) are: logging, encryption and encoding.

Although the initial session will mention the original Java version of the ESAPI project, the majority of the session will deal with the ColdFusion version, the CFESAPI project.

Speaker

Matt Gifford

Get Your Stinkin' Badges!

Help us promote cf.Objective() »

What people are saying

"The content exceeded my expectations. I've been to Adobe Max, CFUnited and Flash Forward, many of these sessions at these conferences are full of fluff. I found the majority of cf.Objective()'s sessions to contain useful info. Thank you!"
James Eisenlohr - NASA

"Good, diverse topics. There was never a session slot where I couldn't find anything that I wanted to attend."
Jay Springer - Mounds Park Academy

"I'd only heard good things about cf.Objective(), so as a first-timer, I was very excited to see the venue and experience the content first-hand. I have not been disappointed!"
Lynn Doogs - Jack Henry Associates, Inc.

ESAPI and ColdFusion, or 'Security, Authentication and Encoding, oh my!'

Speaker

Sponsors

Get Your Stinkin' Badges!

Recent News View All »

What people are saying