Difference between revisions of "WebAppSec.php: Developing Secure Web Applications"
Dallendoug (talk | contribs) (added link header) |
(updated description) |
||
Line 9: | Line 9: | ||
Web applications are the new frontier of wide‐spread security breaches. This tutorial will guide through development practices to ensure the security and integrity of web applications, in turn protecting user data and the infrastructure the application runs on. Several attack types and risks will be reviewed (including OWASP’s Top 10), along with how the proper development practices can mitigate their damage. Although examples covered are PHP‐based, much of the content is also applicable to other languages. | Web applications are the new frontier of wide‐spread security breaches. This tutorial will guide through development practices to ensure the security and integrity of web applications, in turn protecting user data and the infrastructure the application runs on. Several attack types and risks will be reviewed (including OWASP’s Top 10), along with how the proper development practices can mitigate their damage. Although examples covered are PHP‐based, much of the content is also applicable to other languages. | ||
+ | |||
+ | This will be an updated, encore presentation of last year’s well received course. Following are quotes from prior ''WebAppSec.php'' attendees: | ||
+ | |||
+ | :: ''"Presented in a very structured format. Instructor knew his stuff. Good presentations."'' | ||
+ | |||
+ | :: ''"Very knowledgeable! Covered a lot of topics in a limited amount of time"'' | ||
+ | |||
+ | :: ''"The presenter was excellent. He didn't present an overload of information. The day went very quickly and I am leaving with a lot of valuable information"'' | ||
+ | |||
+ | :: ''"The slides were excellent - full of good code examples and explanations"'' | ||
+ | |||
+ | :: ''"Material that was presented was presented and covered well. Instructor is very knowledgeable"'' | ||
+ | |||
+ | :: ''"Handouts & presentation well organized & coordinated"'' | ||
==Student Requirements== | ==Student Requirements== | ||
Line 14: | Line 28: | ||
==Objectives== | ==Objectives== | ||
− | Skill: | + | Skill: Any - some knowledge of web development will be helpful |
Attendees will gain the knowledge required to develop secure web applications, along with an understanding of various attack types against web apps and how they are mitigated by the proper coding techniques. The main learning objectives are: | Attendees will gain the knowledge required to develop secure web applications, along with an understanding of various attack types against web apps and how they are mitigated by the proper coding techniques. The main learning objectives are: | ||
# Developing the skills for securely coding web applications | # Developing the skills for securely coding web applications | ||
# Reviewing existing web vulnerabilities and their impact | # Reviewing existing web vulnerabilities and their impact | ||
− | # Understanding how the proper development techniques mitigates known and some unknown web | + | # Understanding how the proper development techniques mitigates known and some unknown web vulnerabilities |
− | vulnerabilities | ||
==Instructor== | ==Instructor== | ||
− | '''Instructor: Robert Zakon''' Robert Zakon is a technology consultant and developer who has been programming web applications since the Web's infancy. In addition to developing web applications for web sites receiving millions of daily hits, he works with organizations in an interim CTO capacity, and advises corporations, non‐profits and government agencies on technology, information, and security architecture and infrastructure. Robert is a former Principal Engineer with MITRE's Information Security Center, CTO of an Internet consumer portal and application service provider, and Director of a university research lab. He is a Senior Member of the IEEE, and holds BS & MS degrees from Case Western Reserve University in Computer Engineering & Science with concentrations in Philosophy & Psychology. His interests are diverse and can be explored at www.Zakon.org where his vitae is available. | + | '''Instructor: Robert Zakon''' Robert Zakon is a technology consultant and developer who has been programming web applications since the Web's infancy. In addition to developing web applications for web sites receiving millions of daily hits, he works with organizations in an interim CTO capacity, and advises corporations, non‐profits and government agencies on technology, information, and security architecture and infrastructure. Robert is a former Principal Engineer with MITRE's Information Security Center, CTO of an Internet consumer portal and application service provider, and Director of a university research lab. He is a Senior Member of the IEEE, and holds BS & MS degrees from Case Western Reserve University in Computer Engineering & Science with concentrations in Philosophy & Psychology. His interests are diverse and can be explored at [http://www.Zakon.org www.Zakon.org] where his vitae is available. |
− | [[Category:AppSec_DC_2010_Training]] [[Category:Basic_Training | + | [[Category:AppSec_DC_2010_Training]] [[Category:Basic_Training]] |
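Review bot: The third Objectives item in this hunk still reads "techniques mitigates" after the wrapped line is rejoined; the verb should agree with the plural subject, so suggest "how the proper development techniques mitigate known and some unknown web vulnerabilities". The new "Skill:" value also sits under ==Objectives== while ==Student Requirements== is a separate heading; consider moving it there so prerequisites are stated in one place.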
Revision as of 14:45, 27 September 2010
Registration | Hotel | Walter E. Washington Convention Center
Description
Course Length: 1 Day
Web applications are the new frontier of widespread security breaches. This tutorial will guide attendees through development practices that ensure the security and integrity of web applications, in turn protecting user data and the infrastructure the application runs on. Several attack types and risks will be reviewed (including OWASP’s Top 10), along with how proper development practices can mitigate their damage. Although the examples covered are PHP-based, much of the content is also applicable to other languages.
This will be an updated, encore presentation of last year’s well-received course. Following are quotes from prior WebAppSec.php attendees:
- "Presented in a very structured format. Instructor knew his stuff. Good presentations."
- "Very knowledgeable! Covered a lot of topics in a limited amount of time"
- "The presenter was excellent. He didn't present an overload of information. The day went very quickly and I am leaving with a lot of valuable information"
- "The slides were excellent - full of good code examples and explanations"
- "Material that was presented was presented and covered well. Instructor is very knowledgeable"
- "Handouts & presentation well organized & coordinated"
Student Requirements
None
Objectives
Skill: Any - some knowledge of web development will be helpful
Attendees will gain the knowledge required to develop secure web applications, along with an understanding of various attack types against web apps and how they are mitigated by proper coding techniques. The main learning objectives are:
- Developing the skills for securely coding web applications
- Reviewing existing web vulnerabilities and their impact
- Understanding how proper development techniques mitigate known and some unknown web vulnerabilities
Instructor
Instructor: Robert Zakon
Robert Zakon is a technology consultant and developer who has been programming web applications since the Web's infancy. In addition to developing web applications for web sites receiving millions of daily hits, he works with organizations in an interim CTO capacity, and advises corporations, non-profits and government agencies on technology, information, and security architecture and infrastructure. Robert is a former Principal Engineer with MITRE's Information Security Center, CTO of an Internet consumer portal and application service provider, and Director of a university research lab. He is a Senior Member of the IEEE, and holds BS & MS degrees from Case Western Reserve University in Computer Engineering & Science with concentrations in Philosophy & Psychology. His interests are diverse and can be explored at www.Zakon.org where his vitae is available.