Writing a web application that is robust and secure requires a lot of work. There are many aspects you need to take care of, from the HTTPS setup and the hosting server to input sanitization and the authorization and authentication mechanisms.
In this talk we will set up a very simple ToDo application designed to be secure. We will also show what it must be secured against.
It was 1994 and Paolo discovered that filling a buffer with 0x41 and 0x90 was really fun; moreover, it was amusing to have system applications spawn shells for him. He started fighting against insecure software with the motto "defensive programming will save us", writing application security tools he still uses in his own job.
Back in 2012, Paolo launched armodercode.com, a technical blog about application security as seen from the developer's point of view. In 2014 Paolo launched Codice Insicuro, an application security focused blog written in Italian only.
Paolo wrote wordstress, a Wordpress PHP plugin and whitebox Ruby scanner for Wordpress related vulnerabilities. Paolo also wrote dawnscanner, the real open source alternative to Brakeman for static security analysis of Ruby powered web applications. It supports Sinatra, Padrino and Rails out of the box. In his spare time Paolo is a husband, a proud father, and a Taekwon-do ITF martial artist and instructor.