Najaf Ali is a programmer, speaker, trainer, writer and founder of a small technical consultancy called Happy Bear Software based in London, UK. He also runs popular workshops that teach developers how to thoroughly violate the security mechanisms of the average Ruby on Rails application.
Security is hard, and as developers we have very little time to focus on it. Short of hiring a professional security firm, what's a development team supposed to do to stay one step ahead of attackers? Or at the very least remove themselves from the lowest hanging fruit?
We'll be covering why you should care about security at all, common ways in which security mechanisms fail and good habits for your development team that will strengthen your software against attacks. The talk will be packed with war stories from real exploits and examples of non-trivial vulnerabilities of the sort that turn up in web application code.
Notes
This is a version of a talk I presented to the London Ruby User Group last year. Since I've been teaching regular workshops on the same topic since then, much of the content (I'd say 50%+) will be new. I aim to finish within 25-30 minutes so there's plenty of time for Q&A (or scheduling flexibility if you require it).