This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP AppSec DC 2012/Training/Defense Against The Dark Arts - ESAPI"
| Line 4: | Line 4: | ||
'''Course Length: 2 Day''' | '''Course Length: 2 Day''' | ||
| − | This | + | It has been said that software engineering is 10% engineering and 90% art. Given the same set of technical specifications, two engineers will have drastically different methods of addressing those specifications. This is the beauty of innovation and forward thinking, and while it is this type of creative problem solving that has kept the technical industry lurching forward in large strides – it is also the boon of application security. Enter the Enterprise Security API – a central repository for engineers to solve security concerns in application code. I have said many times that it should not be the responsibility of the engineers cranking out code every day to design security controls. It is difficult to remain on the bleeding edge of Application Security and Software Engineering at the same time and even more difficult to bring these two disciplines together into a cohesive, reusable component that addresses the threats specific to an organization. |
| + | |||
| + | This course will illustrate the importance of having an Enterprise Security API and how to effectively design, build and deploy a solution that addresses the Threat Model of the single application or enterprise application portfolio. | ||
| + | |||
| + | Topics Include (but are not necessarily limited to) | ||
| + | * ESAPI Architecture | ||
| + | * Security Controls Overview | ||
| + | * OWASP Reference Implementations | ||
| + | * Designing Custom Controls | ||
| + | * Integrating with existing Applications | ||
| + | * Starting Fresh | ||
| + | * Enterprise Security Configuration | ||
| + | * Error Handling, Logging and Intrusion Detection/Prevention | ||
| + | * Authentication and Authorization | ||
| + | * Validation and Encoding | ||
| + | |||
==Student Requirements== | ==Student Requirements== | ||
| − | Laptop Required: | + | Laptop Required: <br/> |
| − | Students Need to Bring: | + | Students Need to Bring:<br/> |
| − | 1) Laptop with wireless network adapter | + | 1) Laptop with wireless network adapter<br/> |
| − | 2) VMWare Player | + | 2) VMWare Player<br/> |
==Objectives== | ==Objectives== | ||
| Line 17: | Line 32: | ||
1) What ESAPI is and what it isn't<br>2) How do I integrate ESAPI into an existing application?<br>3) How do I solve <problem> using ESAPI?<br><br>Additionally, each student will walk away with a set of fully reusable ESAPI components that they will be able to use in real world applications and a certificate of completion. | 1) What ESAPI is and what it isn't<br>2) How do I integrate ESAPI into an existing application?<br>3) How do I solve <problem> using ESAPI?<br><br>Additionally, each student will walk away with a set of fully reusable ESAPI components that they will be able to use in real world applications and a certificate of completion. | ||
==Instructor== | ==Instructor== | ||
| − | Chris Schmidt | + | [https://www.owasp.org/index.php/User:Chris_Schmidt Chris Schmidt] |
[[Category:AppSec_DC_2012_Training]] | [[Category:AppSec_DC_2012_Training]] | ||
{{:OWASP AppSec DC 2012 Footer}} | {{:OWASP AppSec DC 2012 Footer}} | ||
Revision as of 03:13, 26 January 2012
Registration Now OPEN! | Hotel | Schedule | Convention Center | AppSecDC.org
Description
Course Length: 2 Day
It has been said that software engineering is 10% engineering and 90% art. Given the same set of technical specifications, two engineers will have drastically different methods of addressing those specifications. This is the beauty of innovation and forward thinking, and while it is this type of creative problem solving that has kept the technical industry lurching forward in large strides – it is also the boon of application security. Enter the Enterprise Security API – a central repository for engineers to solve security concerns in application code. I have said many times that it should not be the responsibility of the engineers cranking out code every day to design security controls. It is difficult to remain on the bleeding edge of Application Security and Software Engineering at the same time and even more difficult to bring these two disciplines together into a cohesive, reusable component that addresses the threats specific to an organization.
This course will illustrate the importance of having an Enterprise Security API and how to effectively design, build and deploy a solution that addresses the Threat Model of the single application or enterprise application portfolio.
Topics Include (but are not necessarily limited to)
- ESAPI Architecture
- Security Controls Overview
- OWASP Reference Implementations
- Designing Custom Controls
- Integrating with existing Applications
- Starting Fresh
- Enterprise Security Configuration
- Error Handling, Logging and Intrusion Detection/Prevention
- Authentication and Authorization
- Validation and Encoding
Student Requirements
Laptop Required:
Students Need to Bring:
1) Laptop with wireless network adapter
2) VMWare Player
Objectives
Audience: Technical Skill Level: Intermediate
1) What ESAPI is and what it isn't
2) How do I integrate ESAPI into an existing application?
3) How do I solve <problem> using ESAPI?
Additionally, each student will walk away with a set of fully reusable ESAPI components that they will be able to use in real world applications and a certificate of completion.
Instructor
Gold Sponsors |
|
|
|
|
Silver Sponsors |
| |||
Small Business |
|
| ||
Exhibitors |
|
|
|
|
