Secure by default web applications with Apache Sling

Robert Munteanu

English Session 2023-08-20 16:45 GMT+8  #webserverandtomcat

A product that works is not done, as there are many facets to consider - availability, scalability, security. Of those, security is probably the most costly to get wrong.

This talk will build a threat model for a sample web application, showcasing a structured approach to securing your web application. Various vulnerabilities are shown and mitigated, based on current best practices. We take special care to show how to eliminate entire classes of vulnerabilities, rather than tackling problems one by one.

The code samples will be built on top of Apache Sling, but previous knowledge of Sling or its components is not required.

After this talk, attendees will have learned a structured approach for proactively handling security as part of the development process.

Speakers:


Robert Munteanu: Adobe, Senior Computer Scientist. Working as a Senior Computer Scientist in the AEM Core Cloud Foundation team at Adobe, Robert Munteanu is a software developer with a passion for open source. He is a member of the Apache Software Foundation and a frequent contributor to many open source projects, notably Apache Sling and Apache Jackrabbit. Robert is a frequent conference speaker, having spoken at Devoxx Belgium, ApacheCon and EclipseCon, amongst others.