
Practical Web Security Overview



Registration | Hotel | Walter E. Washington Convention Center


Course has been canceled

Course Length: 1 Day

The course gives an overview of the applicable security solutions in web applications, focusing on the most important technologies like Web Services, and tackling both transport-layer security and end-to-end security solutions. The most severe security threats of web-based technologies, including injection-related flaws, Cross Site Scripting, Cross Site Request Forgery, some other input validation-related bugs, improper use of cryptographic features, and many more, are introduced through a number of hands-on exercises, prepared in a plug-and-play manner by using a preset VMware virtual machine.

Student Requirements

Students will need to bring a laptop with VMware.


Skill: Intermediate, Advanced

  1. The objective of the course is to provide essential security skills not just for security engineers but also for all programmers, software architects, analysts, testers and reviewers.
  2. The course raises attendees' awareness of practical security problems by demonstrating the dangers of exploitable vulnerabilities and by giving insight into the organized underground, spam distribution, phishing, botnets and all threats that are built on the exploitation of those implementation flaws.
  3. Attendees learn how to avoid these dangers, how to write secure code, how to apply architectural techniques and use applicable security services to increase the quality and security of software products in a cost-effective way.


Instructor: Zoltán Hornák. The owner and managing director of SEARCH-LAB, Zoltán completed his degree at the Technical University of Budapest. He spent eight years in the anti-virus industry as the development director of VirusBuster, and then worked as a security consultant. He established SEARCH Laboratory and launched two spin-off companies. He has led numerous R&D projects and product security audits for market-leading ICT companies. He is a lecturer at the Budapest University of Economics and Technology and gives secure coding courses worldwide. He is a CISA and a member of ISACA, SAFECode and the John von Neumann Computer Society.