Learn More About the Secure Application Development Class

Abstract: Writing Secure code is the most effective method to securing your web applications. Writing secure code takes skill and know-how but results in a more stable and robust application and assists in protecting an organisations brand. Application security is not commonly a part of many computer science curricula today and most organizations have not focused on instituting a culture that includes application security as a core part of their software development training efforts. This intensive one-day course focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code.

This course includes coverage of the following areas:

- Unvalidated Input

- Injection Flaws, OS commanding, SQL Injection

- Cross-Site Scriping & Client-side security

- CSRF/XSRF

- Authentication & Session Management

- Access control & Authorisation

- Broken Caching

- Error Handling & Resource Management

- The Secure SDLC

- Fuzzing, Proxy use and testing approach

Hands on Exercises

To cement the principles discussed, students can participate in a number of hands-on security testing exercises where they attack a live web application (i.e., OWASP Bank etc) that has been seeded with common web application vulnerabilities.

The students will use proxy tools commonly used by the hacker community to complete the exercises. Students need to bring their own windows based laptop to participate in the exercises. Wireless capability is recommended.

Audience: Developers who want to understand the most common web application security flaws, and how to avoid them and code in a secure manner.

Level: Beginner/Intermediate Prerequisite: Basic knowledge of a web programming language like Java or .NET recommended but not required.

Bringing your own windows based laptop is recommended so you can participate in the hands on exercises

Trainer Bio: Eoin Keary is a Global OWASP board member since 2009. He is a long time member of OWASP and have contributed year on year to OWASP projects and the OWASP mission of fighting the causes of software insecurity. He is based in Dublin, Ireland and run the Ernst & Young application security team across Europe.