Building Secure Web & Web Service Applications
Trainer Name: Jim Manico
Title: Building Secure Web & Web Service Applications
Duration: 2 Days
Dates: 20th - 21st September 2018
The major cause of webservice and web application insecurity is insecure software development practices. This highly intensive and interactive 2-day course provides essential application security training for web application and webservice developers and architects. The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.
Who Should Attend
- Jim’s secure coding training classes are designed to benefit any web/webservice developer, architect, security professional or other software development professional who needs to build and maintain secure webservice and web application software.
- While primarily a developer course, any security professional, project manager or other software professional who wants to learn about building secure software will benefit from this class.
- Attendees should be familiar with the technical details of building web applications and web services from a software engineering point of view.
Hardware / Software Requirements
- Any laptop that can run a browser and Burp Community Edition https://portswigger.net/burp/communitydownload
Agenda – Day 1
- Introduction to Application Security
- Introduction to Security Goals and Threats
- HTTP Security Basics
- CORS and HTML5 Considerations
- Webservice, Microservice and REST Security
- SQL and other Injection
- Cross Site Request Forgery
- File Upload and File IO Security
- Deserialization Security
- Input Validation Basics
- OWASP Top Ten 2017
- OWASP ASVS
Agenda – Day 2
- Content Spoofing and HTML Hacking
- XSS Defense
- Content Security Policy
- Angular.JS Security
- React.JS Security
- Authentication and Session Management
- Access Control Design
- HTTPS/TLS Best Practices
- 3rd Party Library Security Management
- Competitive Hacking Lab! With Prizes for Winners!
Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also the co-founder of Brakeman Security, Inc. and is an investor/advisor for Signal Sciences and BitDiscovery.
Jim is a member of the exclusive Java Champion community, is a member of the JavaOne rockstar speaker community and is the author of "Iron-Clad Java: Building Secure Web Applications" from McGraw-Hill and Oracle Press.
Open Source and Standard Work
- Jim is currently one of the project leaders of the OWASP ASVS (Application Security Verification Standard). https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
- He’s the founder and co-project leader of the OWASP Proactive Controls awareness document. https://www.owasp.org/index.php/OWASP_Proactive_Controls
- He’s also the founder and co-project leader of the OWASP Cheat Sheet Series, collaborating with dozens of security authors around the world. https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series
- Jim also assists with the OWASP Java Encoder project and the OWASP HTML Sanitizer project.
- Jim also volunteers for the OWASP Foundation, where he helps build application security standards and other documentation.
- Jim is currently a board member of the SecAppDev Foundation, promoting secure coding best practices and education in Europe. https://www.secappdev.org/