Registration is NOW Open
Marriott Wardman Park
2660 Woodley Rd NW
Washington DC, District of Columbia 20008 USA
Phone: 1-202-328-2000 

*discount rates expire August 19, 2019
Tuesday, September 10 • 9:00am - Wednesday, September 11 • 5:00pm
Secure Coding with the OWASP Top Ten

The major cause of API and web application insecurity is insecure software development practices. This highly intensive and interactive 2-day course provides essential application security training for web application and API developers and architects.
The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.
As part of this course, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development. We will highlight production quality and scalable controls from various languages and frameworks. This course will include secure coding information for Java, PHP, Python, JavaScript, and .NET programmers, but any software developer building web applications and APIs will benefit.

Student Requirements: Familiarity with the technical details of building web applications and APIs from a software engineering point of view.
Laptop Requirements: Any laptop that can run an updated web browser and intercepting proxy tool.

Day 1 of the course will focus on web application basics.
  • Introduction to Application Security
  • Introduction to Security Goals and Threats
  • HTTP Security Basics
  • CORS and HTML5 Considerations
  • XSS Defense
  • Content Security Policy
  • Intro to Angular.JS Security
  • Intro to React.JS Security
  • SQL and other Injection
  • Cross-Site Request Forgery
  • File Upload and File IO Security
  • Deserialization Security
  • Input Validation Basics
  • OWASP Top Ten 2017
  • OWASP ASVS 4.0

Day 2 of the course will focus on API secure coding, Identity, and other advanced topics.
  • Webservice, Microservice and REST Security
  • Authentication and Session Management
  • Access Control Design
  • OAuth 2 Security
  • OpenID Connect Security
  • HTTPS/TLS Best Practices
  • 3rd Party Library Security Management
  • Application Layer Intrusion Detection
  • Secure SDLC
We end day 2 with a competitive hacking lab and secure coding lab. It's a fun and informative way to end the course.

Please note this course will cover the requested DC conference topics:
  • Novel web vulnerabilities and countermeasures
  • New technologies, paradigms, tools
  • OWASP tools or projects in practice
  • Secure development: frameworks, best practices, secure coding, methods, processes, SDLC
  • Browser security
  • REST/SOAP security
  • Security of frameworks
  • Effects of UX on security
  • Management topics in Application Security: Business Risks, Managing SDLC


Speakers
Jim Manico

Founder, Manicode Security
Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also an investor/advisor for KSOC, Nucleus Security, Signal Sciences, Secure Circle and BitDiscovery. Jim is a frequent speaker on secure software practices...


Tuesday September 10, 2019 9:00am - Wednesday September 11, 2019 5:00pm
Lincoln 4