This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Software Security Remediation: How to Fix Application Vulnerabilities

From OWASP
Revision as of 20:50, 10 November 2014 by Achim (talk | contribs) (category changed to OWASP/Training AppSec_DC_2010)

Jump to: navigation, search

468x60-banner-2010.gif

Registration | Hotel | Walter E. Washington Convention Center

Description

Course Length: 1 Day

This class teaches attendees how to fix security vulnerabilities in existing software. It provides a mix of discussion of project concerns for planning and managing remediation efforts with hands-on coding examples fixing specific vulnerabilities. Attendees will learn how to risk-rank vulnerabilities, estimate remediation tasks, perform coding fixes for vulnerabilities and demonstrate the effectiveness of fixes applied. The focus is on the practical: how to use limited resources to make significant improvements to the security of target applications. Code examples use the OWASP ESAPI Java and Microsoft Web Protection Library. Many classes teach developers how to build secure code from the ground up or teach security analysts how to test applications for security vulnerabilities. This class teaches developers and security analysts how to deal with their existing portfolio of insecure applications.

Student Requirements

Attendees will need laptops with the ability to run a VMWare image that will be provided.

Objectives

Skill: Intermediate

  1. How to scope and plan software security remediation projects
  2. Code-level techniques to fix code containing common vulnerabilities
  3. How to demonstrate the software security fixes were effective


Instructor

Instructor: Dan Cornell Dan Cornell has over twelve years of experience architecting and developing web-based software systems. As Principal of Denim Group, he leads the organization’s technology team overseeing methodology development and project execution for Denim Group’s customers. He also heads the Denim Group security research team, investigating the application of secure coding and development techniques to the improvement of web-based software development methodologies.