
Software Security Best Practices



Registration | Hotel | Walter E. Washington Convention Center


Course Length: 2 Days

This hands-on tutorial starts with a description of the security problems faced by today's software developer, as well as a detailed description of how defective software can be exploited. It goes on to provide a thorough description of the best practices available to prevent, detect, and remediate security problems in software. Next, the tutorial includes hands-on design review exercises to reinforce each of the concepts presented, together with dozens of examples of common coding errors (primarily in C/C++ and Java).

Student Requirements

All students will be expected to bring their own laptop running a copy of the OWASP Live CD. To expedite course delivery, students should test the functionality of the OWASP Live CD on their system prior to arrival.

Specifically, please ensure that you're able to run the "AppSecEU May 2009 Release" of the OWASP Live CD, which can be downloaded as an ISO, VirtualBox image, or VMware image from:


Skill: Intermediate

  1. In-depth understanding of the software security problem space
  2. Hands-on experience identifying and remediating OWASP Top 10 vulnerabilities
  3. Hands-on experience with common software security tools


Instructor: Ben Tomhave is a Senior Security Analyst with Gemini Security Solutions in Chantilly, VA, specializing in solutions architecture, security planning, program development and management, and other strategic security solutions. He holds an MS in Engineering Management with an Information Security Management concentration from The George Washington University and is a CISSP.

His experience includes developing and delivering course materials internally and for the formal classroom environment. Course delivery covers areas such as security awareness, information security fundamentals, and application security. Ben has been specially trained and authorized to deliver this program by Ken van Wyk of KRvW Associates, LLC, to clients and AppSec DC 2010 students.