Protecting a web application against cross-site request forgery (CSRF) typically requires architectural changes. In researching and building its security analysis tool, Coverity realized that web developers struggle with how to implement them. In this on-demand webcast, we present an example-driven survey of how real apps are secured against CSRF, highlighting the trade-offs and pitfalls of various approaches. We discuss what characteristics make for secure, scalable, and foolproof solutions.
In this webcast, we specifically cover:
Who should attend: Java EE developers
|Dr. Aaron Hurst is a Principal Engineer at Coverity, a Synopsys company, where his primary role is developing new program analysis methods and tools for identifying Java web application security defects. He received his Ph.D. from the University of California, Berkeley in 2008, and his M.S. and B.S. from Carnegie Mellon University. After graduating, he spent several years as a Research Scientist at Cadence Research Laboratories.