Description

Libraries depend on web applications. We purchase, license, or build them in-house to provide services to patrons and fulfill administrative needs, but how can we be assured our web applications are safe from common security vulnerabilities? Using a vended product as a case study, we will examine a few of the most common security issues facing web applications, including Cross-Site Scripting (XSS), Cross-Site Request Forgery, and SQL injection, along with technical strategies to probe for some of them without risking the integrity of your data or damage to the application. Knowledge of vulnerabilities is most helpful if they can be fixed! We will wrap up with strategies for communicating about security with developers and vendors.

Start Date

16-3-2017 10:30 AM

End Date

16-3-2017 11:30 AM


What Could Go Wrong? Gently Testing the Security of Your Vended and In-house Web Applications
