Masterclasses
GOTO Chicago 2019

Wednesday May 1
09:00 –
16:00
Location: 205

Building Secure API's and Web Applications

Student Requirements: Familiarity with the technical details of building web applications and web services from a software engineering point of view.

Description: The major cause of webservice and web application insecurity is a lack of secure software development knowledge and practices. This highly intensive and interactive 1-day workshop provides essential application security training for web application and webservice developers.

This workshop is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.

As part of this workshop, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development. We will highlight production quality and scalable controls from various languages and frameworks. This course will include secure coding information for Java, PHP, Python, Javascript and .NET programmers, but any software developer building web applications and webservices will benefit.hop

Topic will include:

  • Introduction to Application Security
  • HTTP Security Basics
  • XSS Defense
  • Intro to Angular.JS Security
  • Intro to React.JS Security
  • SQL and other Injection
  • Cross Site Request Forgery
  • Input Validation Basics
  • OWASP Top Ten 2017
  • Introduction to API and Microservice Security

Who should attend this masterclass: Software engineers and support staff, application security professionals

Academic level: Intermediate to advanced

What is the take away in this masterclass:

  • Information about the design of secure software
  • Details on security models that drive the core of web standards
  • Understanding of many security coding design patterns
Jim Manico
OWASP Project Leader, AppSec Enthusiast and Java Champion
Organized by