
2017 Global World Tour Boston



This is a free one-day training event; however, REGISTRATION is required.

Date: October 9, 2017

Title: Application Security Essentials

Trainer: Abhay Bhargav

Registration Check-In: 8:00am
Training: 9:00am - 5:00pm

Location: Boston University
Metcalf Hall at the George Sherman Union Building
775 Commonwealth Avenue 2nd Floor
Boston, MA 02215

We will break for lunch from 12pm-1:30pm. There are some great restaurants and delis within a short 5-10 minute walk from BU, and we will provide a list of suggested places to eat. An afternoon coffee break and snack will be provided.


Abhay Bhargav

Application Security Essentials
Slide Presentation

Abstract: Over the years, as a pentester and appsec professional, Abhay has worked with several companies across various industry verticals. This training is a distilled capsule, replete with demos of tools, vulnerable apps and anecdotes from Abhay's experiences in application security. As a result, it is a highly practical and focused training program that cuts to the heart of the need for application security. The program also trains participants on "security through insecurity": Abhay has found that understanding vulnerabilities and attacks in depth gives participants a more holistic and comprehensive perspective on the security controls they can implement for their own applications. Additionally, it gives them a better appreciation of the seriousness of application security in their professional spheres.

The program has been a time-tested success. Abhay has delivered this program, or some version of it, to over 1000 professionals all over the world, including large multinational corporations, research institutions, universities, startups and security conferences. These organizations have reported that audiences displayed a higher sensitization to, appreciation of and understanding of application security issues and requirements, which has resulted in fewer vulnerabilities over time, less friction with security teams, and security being seen as an integral part of engineering and product development.

The program uses several OWASP Projects as a cornerstone and reference point to cover a wide array of subjects, including but not limited to the OWASP Top 10, OWASP ZAP, OWASP Dependency Check and OWASP ESAPI.

This program is platform and language agnostic and focuses on concepts and implementation considerations. While Abhay will refer to and showcase code from different languages and platforms, the security practices covered apply across languages, platforms and frameworks.

Abhay has developed several realistic vulnerable apps and web services that he will showcase as demos in this training. These demos include vulnerabilities and their secure implementations, and cover both typical browser-driven web applications and web service (API) style applications, which have subtle but notable differences with respect to security. Abhay will also refer to web-service-focused vulnerabilities such as HTTP verb tampering and token flaws to highlight the differences between browser-driven web apps and web services. The aim is to provide a comprehensive web application security experience for participants.

  • The theme of the training will be "security through insecurity": the instructor will refer to and run demos of popular OWASP Top 10 attacks against intentionally vulnerable applications, and detail protection strategies for each.
  • The instructor will detail OWASP Top 10 flaws such as Insecure Direct Object Reference, Sensitive Data Exposure, Injection Flaws, Cross-Site Scripting and Cross-Site Request Forgery.
  • The instructor will showcase code snippets and implementation examples of security best practices against common web application security flaws.
  • The instructor has extensive experience penetration testing applications, which will be used as anecdotes and examples to demonstrate and emphasize important aspects of web application security.

Bio: Abhay Bhargav is the CTO of we45, a focused Application Security company. Abhay is the author of two international publications, "Secure Java for Web Application Development" and "PCI Compliance: A Definitive Guide". Abhay is a builder and breaker of applications, and has authored multiple applications in Django and NodeJS. He is a passionate Pythonista and loves the idea of automation in security. This passion prompted him to author the world's first hands-on Security in DevOps workshop, which has been delivered in multiple locations, including highly successful workshops at OWASP AppSecUSA 2016 in Washington DC and OWASP AppSecEU 2017 in Belfast. He recently delivered a workshop on Application Security at DEF CON 25 in Las Vegas, Nevada. In addition, Abhay speaks regularly at industry events including OWASP, ISACA, Oracle OpenWorld, JavaOne, and others.
