Breaking and Fixing Web Applications Security
by Ken van Wyk
download a PDF brochure 
Description
This rapid immersion class is for experienced Web application software developers who want to take a quick but deep dive into the biggest Web application security issues. The class is built extensively around a series of hands-on lab exercises in which the students first learn first-hand the details of today’s biggest Web application security defects and how to exploit them. This is immediately followed by a set of labs in which the students learn to remediate those same defects by implementing appropriate fixes in a JavaEE-based Web application. This rapid fire approach to breaking and then fixing the security on an actual Web application enables students to deeply understand and internalize the biggest security problems faced by today’s Web application developers.
Requirements: In order to be able to participate in the hands-on exercises, each student will need a laptop computer capable of running a VirtualBox-based Linux virtual machine (provided). We recommend all laptops have local application installation privileges, 8 Gb RAM, and another 20 Gb of disk storage available. If local application installation is not feasible, an installed current version of VirtualBox (www.virtualbox.org) is required to be installed prior to the class.
What you will learn
- How to find and exploit common security defects in modern Web applications
- A detailed working knowledge of the OWASP Top-10 (and other) Web application security defects
- How to remediate a Web application to secure it against the most common security defects in web applications
- A detailed working knowledge of how to design and implement security remediations into Web applications. (Class examples are in Java, but easily applied in most modern Web languages.)
Main Topics
- Breaking Web application security
- Fixing Web application security
- Putting into practice