This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Software Security Remediation: How to Fix Application Vulnerabilities
Registration | Hotel | Walter E. Washington Convention Center
Description
Course Length: 1 Day
This class teaches attendees how to fix security vulnerabilities in existing software. It provides a mix of discussion of project concerns for planning and managing remediation efforts with hands-on coding examples fixing specific vulnerabilities. Attendees will learn how to risk-rank vulnerabilities, estimate remediation tasks, perform coding fixes for vulnerabilities and demonstrate the effectiveness of fixes applied. The focus is on the practical: how to use limited resources to make significant improvements to the security of target applications. Code examples use the OWASP ESAPI Java and Microsoft Web Protection Library. Many classes teach developers how to build secure code from the ground up or teach security analysts how to test applications for security vulnerabilities. This class teaches developers and security analysts how to deal with their existing portfolio of insecure applications.
Student Requirements
Attendees will need laptops with the ability to run a VMWare image that will be provided.
Objectives
Skill: Intermediate
- How to scope and plan software security remediation projects
- Code-level techniques to fix code containing common vulnerabilities
- How to demonstrate the software security fixes were effective
Instructor
Instructor: Dan Cornell Dan Cornell has over twelve years of experience architecting and developing web-based software systems. As Principal of Denim Group, he leads the organization’s technology team overseeing methodology development and project execution for Denim Group’s customers. He also heads the Denim Group security research team, investigating the application of secure coding and development techniques to the improvement of web-based software development methodologies.