Difference between revisions of "Category:OWASP AppSec Conference Training"
m (→T3. Web Services and XML Security) |
m (→T4. Leading the Development of Secure Applications - 1-Day Course - Oct 9, 2008) |
||
Line 148: | Line 148: | ||
== T4. Leading the Development of Secure Applications - 1-Day Course - Oct 9, 2008 == | == T4. Leading the Development of Secure Applications - 1-Day Course - Oct 9, 2008 == | ||
+ | |||
+ | '''Summary''' | ||
+ | |||
+ | In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle. | ||
'''Course Overview''' | '''Course Overview''' | ||
+ | |||
+ | The following important questions are answered in this course. | ||
+ | * Why is application security so important? | ||
+ | * What are the most critical vulnerability areas to focus on and how? | ||
+ | * What security tools and technologies do software projects need? | ||
+ | * How do I establish an application security initiative in my organization? | ||
+ | * How can I enhance my SDLC to include security activities? | ||
+ | * How do I measure my organization’s progress in application security? | ||
+ | * How can I get my developers to care about application security? | ||
+ | * What teams and roles should I create to address application security? | ||
+ | * How do I get a handle on the security of my entire application portfolio? | ||
+ | * What is the most effective way of securing legacy applications? | ||
+ | |||
+ | This is the right course at the right time for any executive who has decided that secure application development is a priority. The analyst community is helping CIOs understand just how critical the problem of insecure programming has become. For example the | ||
+ | |||
+ | Robert Francis Group (a well-known application development analyst group) wrote: | ||
+ | “The lack of application security requirements and associated poor security focus in the development process can cripple business application security leading to significant revenue loss and perhaps liability claims from anyone impacted by this oversight. IT executives should review application development processes and direct development teams to build in security, rather than consider it after the application deployment.” | ||
+ | |||
+ | This course gives executives and managers the education and practical guidance they need to ensure that software projects properly address security. The course is designed to provide a firm understanding of the importance of software security, the critical security activities required within the software development lifecycle, and how to efficiently manage security issues during development and maintenance. This understanding is reinforced through industry awareness and live demonstrations of commonly found vulnerabilities in software. | ||
+ | |||
+ | |||
+ | '''Audience''' | ||
+ | |||
+ | The intended audience for this course is: Program Managers, Account Managers, Functional/Resource Application Managers, Technical Program/Project Managers (Chief Engineers), Executives, Directors, and Key/Technical Decision Makers | ||
+ | |||
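Review bot: In the added Course Overview text, the paragraph ending "For example the" is cut off by a blank line before "Robert Francis Group (a well-known application development analyst group) wrote:", so one sentence is split across two paragraphs. Join them into a single paragraph, with a comma after "For example", so the attribution introduces the quotation directly. The added Audience sentence also has no closing period.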
Revision as of 18:51, 29 February 2008
- 1 OWASP AppSec 2008 Training Courses - October 9-10, 2008
- 2 T1. Defensive Programming - 2-Day Course - Oct 9-10, 2008
- 3 T2. Advanced Web Application Security Testing - 1-Day Course - Oct xx, 2008
- 4 T3. Web Services and XML Security
- 5 T4. Leading the Development of Secure Applications - 1-Day Course - Oct 9, 2008
- 6 T5. Application Security Forensics- 1-Day Course - Oct 10, 2008
OWASP AppSec 2008 Training Courses - October 9-10, 2008
OWASP has arranged to have xx 2-day and xx 1-day Application Security training courses following the conference.
Three courses will be provided by a longtime contributor to OWASP, Aspect Security. One course will be provided by Pravir Chandra, project lead of the OWASP CLASP Project. Another course will be presented by the FBI.
These courses are being offered to attendees of the OWASP conference at a significant discount to their standard commercial price. Most of the course fee will go to OWASP to support the OWASP Foundation's efforts.
| T1 | Defensive Programming |
|---|---|
| T2 | Advanced Web Application Security Testing |
| T3 | Web Services and XML Security |
| T4 | Leading the Development of Secure Applications |
| T5 | Application Security Forensics |
Pricing
$675 for 1-Day Training Course
$1350 for 2-Day Training Course
Location
At Pace University in New York. Same location as the conference.
Course Times
Each class begins at xx AM and runs until xx PM each day.
Registration
Registration is available via the OWASP Conference Cvent site at:
T1. Defensive Programming - 2-Day Course - Oct 9-10, 2008
Course Overview
This class will teach you how to program defensively. It is a must for developers, managers, testers and security professionals. Learn the latest techniques to build attack-resistant code, protect against current and future vulnerabilities, and secure an application from both implementation bugs and design flaws.
Details
Day One
- Understanding the platform
- Language design considerations
- Memory management features
- Browser security model
- Handling Input and Output Securely
- Interfacing with a database
- Understanding the control and data planes
- Handling user input
- Character representation and encoding
- Determinism and Concurrency
- Acting on resource properties
- Reliable locking schemes
- Shared system resources
- Session Management
- Random numbers and temporary files
Day Two
- Safe Error Handling and Logging
- Error/exception handling
- Numeric data types
- Programmatic checks and assertions
- Audit Logging
- Debug Code
- Information Leakage
- Engineering for Security Features
- Applying cryptography
- Authentication and authorization
- Managing application state
- Secrets inside code
- Using privileged code
- Designing hardened interfaces
- Software Security in Operations
- Network Infrastructure
- Configuration of web apps
- Application Packaging
- Code Signing
- Managing Key Material
Reference
Registration
Registration is available via the OWASP Conference Cvent site at:
Tutorial Provider
This tutorial is provided by Pravir Chandra, a well-known security expert, project lead for the OWASP CLASP project and former co-founder & CTO of Secure Software.
T2. Advanced Web Application Security Testing - 1-Day Course - Oct xx, 2008
Course Overview
Registration
Registration is available via the OWASP Conference Cvent site at:
Tutorial Provider
This tutorial is provided by longtime OWASP contributor:
T3. Web Services and XML Security
Course Overview
The movement towards Web Services and Service-Oriented Architecture (SOA) paradigms requires new security paradigms to deal with the new risks posed by these architectures. This session takes a pragmatic approach towards identifying Web Services security risks and selecting and applying countermeasures to the application, code, web servers, databases, application and identity servers, and related software.
Many enterprises are currently developing new Web Services and/or adding and acquiring Web Services functionality into existing applications -- now is the time to build security into the system!
Details
Topics covered include understanding how web application risks (such as those in the OWASP Guide and OWASP Top Ten) apply in a Web Services world, and Web Services security topics including:
- Web Services attack patterns
- Common XML attack patterns
- Data and XML security using WS-Security, SAML, XML Encryption and XML Digital Signature
- Identity services and federation with SAML and Liberty
- Hardening Web Services servers
- Input validation for Web Services
- Integrating Web Services securely with backend resources and applications using WS-Trust
- Secure Exception handling in Web Services
Registration
Registration is available via the OWASP Conference Cvent site at:
Tutorial Provider
T4. Leading the Development of Secure Applications - 1-Day Course - Oct 9, 2008
Summary
In this one-day management session you’ll get the answers to the ten key questions that most CIOs and development managers face when trying to improve security in the development process. The course provides proven techniques and valuable lessons learned that can be applied to projects at any phase of their application’s lifecycle.
Course Overview
The following important questions are answered in this course.
- Why is application security so important?
- What are the most critical vulnerability areas to focus on and how?
- What security tools and technologies do software projects need?
- How do I establish an application security initiative in my organization?
- How can I enhance my SDLC to include security activities?
- How do I measure my organization’s progress in application security?
- How can I get my developers to care about application security?
- What teams and roles should I create to address application security?
- How do I get a handle on the security of my entire application portfolio?
- What is the most effective way of securing legacy applications?
This is the right course at the right time for any executive who has decided that secure application development is a priority. The analyst community is helping CIOs understand just how critical the problem of insecure programming has become. For example, the Robert Francis Group (a well-known application development analyst group) wrote: “The lack of application security requirements and associated poor security focus in the development process can cripple business application security leading to significant revenue loss and perhaps liability claims from anyone impacted by this oversight. IT executives should review application development processes and direct development teams to build in security, rather than consider it after the application deployment.”
This course gives executives and managers the education and practical guidance they need to ensure that software projects properly address security. The course is designed to provide a firm understanding of the importance of software security, the critical security activities required within the software development lifecycle, and how to efficiently manage security issues during development and maintenance. This understanding is reinforced through industry awareness and live demonstrations of commonly found vulnerabilities in software.
Audience
The intended audience for this course is: Program Managers, Account Managers, Functional/Resource Application Managers, Technical Program/Project Managers (Chief Engineers), Executives, Directors, and Key/Technical Decision Makers.
Registration
Registration is available via the OWASP Conference Cvent site at:
Tutorial Provider
This tutorial is provided by longtime OWASP contributor:
T5. Application Security Forensics- 1-Day Course - Oct 10, 2008
Course Overview
How would you respond to an application security hack? This course will provide insight into the world of forensics with a focus on Web Application Security.
Registration
Registration is available via the OWASP Conference Cvent site at:
Tutorial Provider