Take this class
Click here to request this course on a different date.
This course is specifically designed to introduce your developers to common vulnerabilites, specifically those identified in the OWASP top 10 project. Now updated for 2010! There are many ways in which attackers can obtain data and exploiting vulnerabilities in custom application code is common.
This course guides the participant through security vulnerabilities from OWASP top ten list. The course explains the vulnerability, provides samples of the flaw, provides solutions to protect the application, and provides tests to check site security.
This course involves hand-on demonstrations and labs.
Audience
Participants should be experienced JSP developers.
Length:
Outline
- Overview of the OWASP Project
- Secure Coding Principles
- Top Ten
- Cross Site Scripting
- Injection Flaws
- Malicious File Execution (2007)
- Insecure Direct Object Reference
- Cross Site Request Forgery
- Information Leakage and Improper Error Handling
- Broken Authentication and Session Management
- Insecure Cryptographic Storage
- Insecure Communications
- Failure to Restrict URL Access
- Unvalidated Redirects
- Best Practices
- Whitelist vs Blacklist
- Regular Expressions
- Validation points & Frameworks
- Threat Risk Modeling
- Summary of E-Commerce Requirements
- Phishing Attacks
- Managing Access – Authentication & Authorization
- Conclusion