"Those that do not learn from history are doomed to repeat it."
As with military history, the adage also holds true for web
application security. Based on our experience as an open source web
application archive over the last seven years, we'll highlight some of
the big web application security bloopers of the last year.
We will also discuss their relationship to past holes from the many
years web applications have been produced, and touch on the
multi-faceted nature of recent security problems. In other words, more
recent holes rely on a domino effect, in which several normally benign
bugs combine to become one gaping security problem.
First presented at ApacheCon, Santa Clara, April 2001
Zipped Powerpoint (48K) | PDF (84K)