The major cause of webservice and web application insecurity is insecure software development practices. This highly intensive and interactive 2-day course provides essential application security training for web application/API developers, architects and Q/A staff. Both attack and defense theory will be covered.
The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to both code secure web solutions via defense-based code samples and conduct penetration testing.
Familiarity with the technical details of building web applications and web services from a software engineering point of view.
Any laptop that can run an updated web browser and "Burp Community Edition".
Day 1 of the course will focus on web application basics.
Day 2 of the course will focus on API secure coding, Identity, and other advanced topics.
The course will include several hacking and secure coding labs!
Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also an investor/advisor for KSOC, Nucleus Security, Signal Sciences, Secure Circle and BitDiscovery. Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of "Iron-Clad Java: Building Secure Web Applications" from Oracle Press. Jim also volunteers for the OWASP foundation as the project co-lead for the OWASP Application Security Verification Standard and the OWASP Proactive Controls. For more information, see http://www.linkedin.com/in/jmanico.
Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author. She is a member of the CyberWatch Center's National Visiting Committee, on the board of advisors at Cybrary, and an Adjunct Professor at UMUC and Tulane University. She is a New America Cybersecurity Policy Fellow. She has presented or conducted training around the world and is regularly featured internationally in print and on television. She authored Penetration Testing: A Hands-On Introduction to Hacking. Georgia founded the security consulting firm Bulb Security and was awarded a DARPA Cyber Fast Track grant for her work in mobile device security culminating in the release of the Smartphone Pentest Framework. She founded Shevirah whose products assess and manage the risk of mobile devices in the enterprise and is a graduate of the Mach37 cybersecurity accelerator. She was the 2015 Women’s Society of CyberJutsu Pentest Ninja. She holds a MS in computer science and CISSP, CEH, and OSCP certifications.