Developers often do not know what the common issues are with the framework they
are using. At the same time, most common frameworks ship with easy ways to
shoot your application’s security in the foot. In this world, developer
education fails as soon as even one mistake is made, because that one mistake
exposes a dangerous vulnerability. In this talk, we’ll show how you can dramatically
reduce the chance developers will shoot themselves in the foot by giving them
safer versions of their common tools so your company can ship more secure code.
We will write wrapper classes and safe versions of common tools to eliminate
XSS vectors, open redirects, XXE, SSRF, LFI, and other dangerous bugs in your

Morgan Roman works on the application security team at DocuSign. He started his career writing integration tests for web applications and APIs as a software development engineer in test. He...