The Open Web Application Security Project (OWASP) Los Angeles Chapter has teamed up with the Orange County, Inland Empire, San Diego, and San Francisco Bay Area chapters to bring you another great AppSec California. Join us and your peers for amazing talks and networking on January 22-25, 2019!
Tuesday, January 22 • 9:00am - 5:00pm
Building Secure API's and Web Applications with the OWASP Top Ten and ASVS [Day 1 of 2]

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Course Abstract

The major cause of webservice and web application insecurity is insecure software development practices. This highly intensive and interactive 2-day course provides essential application security training for web application and webservice developers and architects. The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples. As part of this course, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development. We will highlight production quality and scalable controls from various languages and frameworks. This course will include secure coding information for Java, PHP, Python, Javascript and .NET programmers, but any software developer building web applications and webservices will benefit.

Training Syllabus

Day 1 of the course will focus on web application basics

- Introduction to Application Security
- HTTP Security Basics
- CORS and HTML5 Considerations
- XSS Defense
- SQL and other Injection
- Cross Site Request Forgery
- Deserialization Security

Day 2 of the course will focus on API secure coding, Identity and other advanced topics

- Webservice, Microservice and REST Security
- Authentication and Session Management
- Access Control Design
- OAuth Security
- 3rd Party Library Security Management
- Application Layer Intrusion Detection
- OWASP Top Ten

We end day 2 with a competitive hacking lab. It's a very fun and informative way to end the course.

Upon Completion of this training, attendees will know:

This course will teach software developers the details of approximately 200 various web security requirements needed to build secure software. Please review the syllabus to review the many topics this course will cover.

Attendees should bring:

Any laptop that can run an updated web browser and "Burp Community Edition".

Pre-requisites for attendees:

Familiarity with the technical details of building web applications and web services from a
software engineering point of view.

avatar for Jim Manico

Jim Manico

Founder, Manicode Security
Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also an investor/advisor for BitDiscovery, Nucleus Security, Secure Circle and Signal Sciences. Jim is a frequent speaker on secure software practices... Read More →

Tuesday January 22, 2019 9:00am - 5:00pm
Club Room