Today's OpenMRS Developer Forum: Jim Manico

classic Classic list List threaded Threaded
2 messages Options
Burke Mamlin Burke Mamlin
Reply | Threaded
Open this post in threaded view
|

Today's OpenMRS Developer Forum: Jim Manico

OpenMRS Devs,

Can you name on of your biggest security concerns about OpenMRS?  Is there something that you think we could be doing better regarding security in the OpenMRS API, application, or within our OpenMRS modules?

We're fortunate to have Jim Manico joining us in today's developers forum.  Jim is a security expert and educator and has worked with the OpenMRS team in the past, so we're lucky to have some of his time to discuss security issues around OpenMRS.
  • What is XSS?
  • What is SQL Injection?
  • What is Cross Site Request Forgery?
  • Authentication best practices?
  • Access Control Design best practices?
  • What is Clickjacking?
We can answer these and more.  Please bring your security-related questions, concerns, and ideas to today's Developers Forum!

When: Today, Thursday 10-May, 10-11 ET / 14-15 UTC
Where: http://connect.openmrs.org (Developers Forum) via Adobe Connect screen sharing and/or Skype

Cheers,

-Burke

[hidden email] from OpenMRS Developers' mailing list
Steven Githens Steven Githens
Reply | Threaded
Open this post in threaded view
|

Re: Today's OpenMRS Developer Forum: Jim Manico

After the call we were chatting about OWASP learning tools, and the Web Goat one is pretty cool.  I ran through some of it a few years ago (as part of a larger formal class).  It's basically an insecure j2ee app you run locally, and for each exercise you have to exploit it and then fix it.

https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

-s

On 05/10/2012 12:57 AM, Burke Mamlin wrote:
OpenMRS Devs,

Can you name on of your biggest security concerns about OpenMRS?  Is there something that you think we could be doing better regarding security in the OpenMRS API, application, or within our OpenMRS modules?

We're fortunate to have Jim Manico joining us in today's developers forum.  Jim is a security expert and educator and has worked with the OpenMRS team in the past, so we're lucky to have some of his time to discuss security issues around OpenMRS.
  • What is XSS?
  • What is SQL Injection?
  • What is Cross Site Request Forgery?
  • Authentication best practices?
  • Access Control Design best practices
  • What is Clickjacking?
We can answer these and more.  Please bring your security-related questions, concerns, and ideas to today's Developers Forum!

When: Today, Thursday 10-May, 10-11 ET / 14-15 UTC
Where: http://connect.openmrs.org (Developers Forum) via Adobe Connect screen sharing and/or Skype

Cheers,

-Burke

[hidden email] from OpenMRS Developers' mailing list


[hidden email] from OpenMRS Developers' mailing list