Application Security – Where do I start?
Writing secure code is the most effective method of securing your web applications. Writing secure code takes skill and know-how, but it results in a more stable and robust application and assists in protecting an organization's brand. Application security is not commonly a part of many computer science curricula today, and most organizations have not focused on instituting a culture that includes application security as a core part of their software development training efforts.
This intensive boot-camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.
• 3 hour training session covering:
In-depth XSS attacks and defense, including interactive labs and demos.
Introducing students to both server side encoding using ESAPI (Java) and client side controls such as ESAPI4JS with code examples.
Injection theory and defenses for both client and server with code examples.
SQL Injection attacks, theory and defense with Labs covering typical SQL injection and more advanced OS/Command Injection attacks with code examples.
Comprehensive section covering crypto implementation techniques, best practice and pitfalls with code examples.
CSRF attacks and defense including Labs/Demos with code examples.
ClickJacking – What is it, why should I care? Defense and Labs/Demos.
Web access control and authorization best practice with code examples.
Authentication best practice with code examples.
This class has been delivered to over 1000 people since 2011, including RSA 2013, RSA EU 2014, LASCON, AppSec EU, AppSec USA.
This class is free to all who attend. It supports part of the OWASP mission to educate developers and testers alike in secure code techniques.
About the Trainers
Jim is an independent training consultant and has been a web application developer since 1997.
He has also been an active member of OWASP since 2008 supporting projects that help developers write secure code.
Jim lives in Hawaii and California, USA.
Eoin Keary is the CTO and founder of BCC Risk Advisory Ltd and an international board member of OWASP.
He has also led global security engagements for some of the world’s largest financial services and consumer products companies. He has over 15 years experience in software development and application security.
He is a well-known technical leader in industry in the area of software security and penetration testing. He previously led the OWASP code review and testing projects and is focused on software security. Eoin lives in Dublin, Ireland. (Not as nice as Hawaii....)
When & Where
The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.