Securing web applications for system administrators

A presentation covering common attack methods and how to secure web applications when altering the code is not an option.

The ever growing pool of neglected web applications is a breeding ground for malicious activity on the web, and is a concern for web hosting providers whose customers tend to leave no time for security updates after updating their blogs, forums or CMS sites. This talk will cover some basic information on 3 common attack methods as well a 3 easy ways system administrators can address each type of threat and some other details regarding security best practices. Attack: XSS, SQL Injection and insecure upload forms. Defense: mod_security, IDS/IPS (snort/snortsam), and file system monitoring.

Speaker: Robert Rowley