Most common application security vulnerabilities are more or less variants of the same thing: "the anti-pattern". The anti-pattern typically consists of: 1 - an externally supplied input, and 2 - a powerful API operating directly on that input. The main point of the presentation was to highlight why the Criteria API (and parameterized queries, if Criteria-style APIs are not available) should be used.
Presented at Opkoko 2012.
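
The anti-pattern next to the parameterized-query fix, as an added example that is not taken from the presentation. It uses Python's built-in sqlite3 module as a stand-in for the "powerful API" and shows parameterized queries rather than the Criteria API; the table, rows and inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory table of constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE account (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO account VALUES (?, ?)",
                   [("alice", 100), ("bob", 250), ("o'brien", 75)])
    return db

def find_concatenated(db, owner):
    """Anti-pattern: external input is spliced into the text the SQL engine parses."""
    sql = "SELECT owner, balance FROM account WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def find_parameterized(db, owner):
    """Fix: the query text is constant and the input travels as a bound value."""
    sql = "SELECT owner, balance FROM account WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()

def compare(db, owner):
    """Run both forms on one input and report the rows or the parser error."""
    results = {}
    for name, fn in (("concatenated", find_concatenated),
                     ("parameterized", find_parameterized)):
        try:
            results[name] = fn(db, owner)
        except sqlite3.Error as exc:
            results[name] = f"error: {exc}"
    return results

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: an ordinary name, a legitimate name containing a
    # quote, and a value whose quotes change the structure of the WHERE clause.
    for owner in ("alice", "o'brien", "x' OR '1'='1"):
        print(repr(owner), compare(db, owner))
```

With the concatenated form, a legitimate name containing a quote fails to parse and the third input matches every row; with the bound parameter, both are compared as plain strings.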