
Building Secure Web & Web Service Applications

Jim Manico


Trainer Name: Jim Manico
Title: Building Secure Web & Web Service Applications
Duration: 2 Days
Dates: 20th - 21st September 2018

Overview

The major cause of webservice and web application insecurity is insecure software development practices. This highly intensive and interactive 2-day course provides essential application security training for web application and webservice developers and architects. The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.

As part of this course, we will explore the use of third-party security libraries and frameworks to speed up and standardize secure development. We will highlight APIs from various languages and frameworks that provide production-quality, scalable security controls. This course will include secure coding information for Java, PHP, Python, JavaScript and .NET programmers, but any software developer building web applications and webservices will benefit.

Who Should Attend

  • Jim’s secure coding training classes are designed to benefit any web/webservice developer, architect, security professional or other software development professional who needs to build and maintain secure webservice and web application software.
  • While primarily a developer course, any security professional, project manager or other software professional who wants to learn about building secure software will benefit from this class.

Prerequisite Knowledge

  • Familiarity with the technical details of building web applications and web services from a software engineering point of view.

Hardware / Software Requirements

Agenda – Day 1

  • Introduction to Application Security
  • Introduction to Security Goals and Threats
  • HTTP Security Basics
  • CORS and HTML5 Considerations
  • Webservice, Microservice and REST Security
  • SQL and other Injection
  • Cross Site Request Forgery
  • File Upload and File IO Security
  • Deserialization Security
  • Input Validation Basics
  • OWASP Top Ten 2017
  • OWASP ASVS
  • GDPR

Agenda – Day 2

  • Content Spoofing and HTML Hacking
  • XSS Defense
  • Content Security Policy
  • Angular.JS Security
  • React.JS Security
  • Authentication and Session Management
  • Access Control Design
  • HTTPS/TLS Best Practices
  • 3rd Party Library Security Management
  • Competitive Hacking Lab! With Prizes for Winners!

Bio

Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also the co-founder of Brakeman Security, Inc. and is an investor/advisor for Signal Sciences and BitDiscovery.

Jim is a member of the exclusive Java Champion community, is a member of the JavaOne rockstar speaker community and is the author of "Iron-Clad Java: Building Secure Web Applications" from McGraw-Hill and Oracle Press.

Open Source and Standard Work

Foundations

  • Jim also volunteers for the OWASP foundation where he helps build application security standards and other documentation.
  • Jim is currently a board member of the SecAppDev Foundation promoting secure coding best practices and education in Europe. https://www.secappdev.org/

Copyright © 2017-18 | Nullcon India | International Security Conference | All Rights Reserved