|
|
| Line 1: |
Line 1: |
| | __NOTOC__ | | __NOTOC__ |
| − | {{:OWASP AppSec DC 2012 Header}}
| + | Class Canceled |
| − | ==Description==
| |
| − | '''Course Length: 2 Day'''
| |
| − | | |
| − | It has been said that software engineering is 10% engineering and 90% art. Given the same set of technical specifications, two engineers will have drastically different methods of addressing those specifications. This is the beauty of innovation and forward thinking, and while it is this type of creative problem solving that has kept the technical industry lurching forward in large strides – it is also the boon of application security. Enter the Enterprise Security API – a central repository for engineers to solve security concerns in application code. I have said many times that it should not be the responsibility of the engineers cranking out code every day to design security controls. It is difficult to remain on the bleeding edge of Application Security and Software Engineering at the same time and even more difficult to bring these two disciplines together into a cohesive, reusable component that addresses the threats specific to an organization.
| |
| − | | |
| − | This course will illustrate the importance of having an Enterprise Security API and how to effectively design, build and deploy a solution that addresses the Threat Model of the single application or enterprise application portfolio.
| |
| − | | |
| − | Topics Include (but are not necessarily limited to)
| |
| − | * ESAPI Architecture
| |
| − | * Security Controls Overview
| |
| − | * OWASP Reference Implementations
| |
| − | * Designing Custom Controls
| |
| − | * Integrating with existing Applications
| |
| − | * Starting Fresh
| |
| − | * Enterprise Security Configuration
| |
| − | * Error Handling, Logging and Intrusion Detection/Prevention
| |
| − | * Authentication and Authorization
| |
| − | * Validation and Encoding
| |
| − | | |
| − | ==Student Requirements==
| |
| − | Laptop Required: <br/>
| |
| − | Students Need to Bring:<br/>
| |
| − | 1) Laptop with wireless network adapter<br/>
| |
| − | 2) VMWare Player<br/>
| |
| − | | |
| − | ==Objectives==
| |
| − | Audience: Technical
| |
| − | Skill Level: Intermediate
| |
| − | | |
| − | 1) What ESAPI is and what it isn't<br>2) How do I integrate ESAPI into an existing application?<br>3) How do I solve <problem> using ESAPI?<br><br>Additionally, each student will walk away with a set of fully reusable ESAPI components that they will be able to use in real world applications and a certificate of completion.
| |
| − | ==Instructor==
| |
| − | [https://www.owasp.org/index.php/User:Chris_Schmidt Chris Schmidt]
| |
| − | [[Category:AppSec_DC_2012_Training]]
| |
| − | {{:OWASP AppSec DC 2012 Footer}}
| |
