Tutorial T6 – Keeping Your Web Apps Secure: The OWASP Top 10 & Beyond
Mr. Robert H'obbes' Zakon, Zakon Group LLC
Tuesday, December 7th, Half Day
The Open Web Application Security Project (OWASP) Top 10 provides an overview of the most critical web application security risks. This tutorial introduces the OWASP Top 10 (2010 edition) along with other risks, and discusses the techniques and practices to protect against them. References to software tools and other secure coding resources will also be provided. This tutorial is a must if you are developing web applications, managing developers, researching web security, or simply are a security enthusiast.
Outline
- Introduction. Overview of the need for secure coding practices in web application development.
- The OWASP Top 10. From Injection and Cross-Site Scripting (XSS) to Insecure Cryptographic Storage and Cross-Site Request Forgery (CSRF), we will cover OWASP's Top 10 Risks in detail: how each risk leads to vulnerabilities, and how to mitigate them.
- Beyond the Top 10. The Top 10 are not meant to be comprehensive, but to make developers aware of the most commonly encountered risks. Here we will cover additional risks and vulnerabilities that every web developer needs to be aware of, along with how to mitigate them.
- Gotchas, Pitfalls & Prevention. In addition to secure coding practices addressing potential vulnerabilities, there are still some underlying technologies that could result in unintended consequences. Learn about what these are and how to prevent them from being exploited.
- Security Tools & Resources. It's a half-day course, so you get lots of references to additional resources and tools.
Prerequisites
Some understanding of web application development may be helpful when discussing risk mitigation techniques.
About the Instructor
Mr. Robert Zakon is a technology consultant and developer who has been programming web applications since the Web's infancy, over 15 years ago. In addition to developing web applications for web sites receiving millions of daily hits, he works with organizations in an interim CTO capacity, and advises corporations, non-profits and government agencies on technology, information, and security architecture and infrastructure. Robert is a former Principal Engineer with MITRE's infosec group, CTO of an Internet consumer portal and application service provider, and Director of a university research lab. He is a Senior Member of the IEEE, and holds BS & MS degrees from Case Western Reserve University in Computer Engineering & Science with concentrations in Philosophy & Psychology. His interests are diverse and can be explored at www.Zakon.org.
Prior Feedback
Following are quotes from prior attendees of Mr. Zakon's web development security tutorials: