
OWASP Bucharest AppSec Conference 2018 Training2

Revision as of 19:29, 8 August 2018 by Oana Cornea (talk | contribs)


Training

Time: 2 days training, 24th and 25th of October, daily: 9:00 - 17:00
Title: Secure Web Applications in Java
Trainers: Cristian Serban and Lucian Suta
Description:
Everybody is familiar with the OWASP Top 10, but how does it apply when you write Java web applications and web services using the Spring Framework? In this course we will look at the security features built into this commonly used Java framework, how security holes in your application look from the point of view of a hacker, and how to apply security principles such as ‘defense in depth’ in order to build robust applications. Together we will build a web application in stages, adding successive layers of functionality and security, and in the process we will develop secure coding and testing skills, and uncover and protect against some of the most common vulnerabilities in Java code.

Topics covered:

Day 1:

  • Simple REST API, database access, subresource integrity, CSP, parameter validation, output encoding, form-based login, access control, method security, CSRF

Day 2:

  • Remember me functionality, LDAP login, OAuth 2.0 login, custom authentication, CORS, SSL, self-signed certificates, Let’s Encrypt, hashing, encryption


Intended audience: software developers, security people with some programming experience
Skill level: HTTP (intermediate), Java programming (intermediate)
Requirements: laptop, JDK 8+, Maven, ZAP, GIT, some text editor such as Visual Studio Code
Seats available: 20 (first come, first served)
Price: 650 euros/person
Register here