Web Security

As a web application developer, most of the focus is on the user stories and producing business value for your company or clients. Increasingly however the world wide web is more like the wild wild web which is an increasingly hostile environment for web applications. It is absolutely necessary for web application teams to have security knowledge, a security model and to leverage proper security tools.

This 1/2 day training workshop on security will provide an overview of the security landscape starting with the OWASP top ten security concerns with current real world examples of each of these attack vectors. The first session will consist of a demonstration and labs using hacker tools to get an understanding of how a hacker thinks. It will include a walk through of the ESAPI toolkit as an example of how to solve a number of these security concerns including hands-on labs using the OWASP example swingset.

The workshop will include several hands on labs from the webgoat project in order to better understand the threats that are ever so common today.

Attendees will come away with the following skills / capabilities: - threat modeling - security audit plan - introduction to Pen testing - key / certificate management - fixing web application security issues

Don't be the weakest link on the web!