SecAppDev 2022 Workshop Details
Building secure web applications
Friday June 17, 09:00 - 17:00
This highly intensive and interactive workshop provides essential application security training for every web developer. The class is a combination of lectures, security testing demonstrations, code review, and interactive threat modeling discussions. Students will learn the most common threats against applications. More importantly, students will learn how to code secure software via a variety of techniques such as secure design practices, defense-based coding, the use of security libraries and services, and the use of a variety of web security standards.
- Introduction to Application Security
- HTTP Security Basics
- Input Validation Basics
- SQL and other injection
- 3rd Party Library Security Management
- Competitive secure coding labs
Best practices for building secure modern web applications
Familiarity with the technical details of building web applications and webservices from a software engineering point of view.
Any laptop that can run an updated web browser and "Burp Community Edition".
SecAppDev is the most immersive application security course you have ever seenBook your seat now
CEO, Manicode Security
Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also an investor/advisor for KSOC, Nucleus Security, Signal Sciences, and BitDiscovery. Jim is a frequent speaker on secure software practices, is a Java Champion, and is the author of "Iron-Clad Java - Building Secure Web Applications" from Oracle Press. Jim also volunteers for OWASP as the project co-lead for the OWASP ASVS and the OWASP Proactive Controls.
Related web and api security sessions
Getting API authorization right
One-day workshop by Philippe De Ryck
Building secure APIs and microservices is hard, really hard. This workshop provides API developers with the necessary knowledge to assess and improve the security of their APIs. This workshop consists of a mixture of lectures, demos, interactive quizzes, and hands-on labs.
In this workshop, we explore common authorization failures in APIs and various defensive strategies, along with their trade-offs and pitfalls. We dive deep into API-specific topics, such as handling JSON Web Tokens (JWTs) and dealing with OAuth 2.0 access tokens. You will walk away with an actionable set of best practices.
Web and API security Thursday June 16, 09:00 - 17:00
Purple team AWS - Discoverer edition
One-day workshop by Abhay Bhargav
With companies moving and operating extensively on the AWS Cloud, security remains a key challenge.
This training is an extensive deep-dive into Attack, Detect and Defense implementations within AWS. The training is dedicated to cookbook-style “Attack, Detect and Defence” cyber-ranges.
The aim of this training is to take the participant through a journey of highly practical, scalable and granular knowledge of AWS offense, defense and security automation.
Web and API security Friday June 17, 09:00 - 17:00
Security of WebAssembly Applications
Lecture by Quentin Stiévenart
WebAssembly enables near-native performance for web applications. We will dive deep into the world of WebAssembly, with a focus on the security concerns that need to be addressed when developing WebAssembly applications.
Web and API security Schedule TBD