Omnient

Security for Developers

Security for Developers - an Offensive Approach (OWASP)

Audience:

Mostly developers and software architects.
Also useful for system administrators, technical managers and CISOs.

Objectives

– Develop "Out-of-box" thinking
– See security from an offensive perspective
– Learn best security practices and (most and least) common attacks
– Learn to defend your applications and infrastructure

Topics

– Overview of Web Penetration Testing
– OWASP Top Ten Web Vulnerabilities
– API Top Ten vulnerabilities
– Technical measures and best practices
– OWASP Top 10 Mobile Vulnerabilities
– HTTP Security Headers
– JSON Web Tokens
– Less-known web application vulnerabilities
– Secure Coding. OWASP Application Security Verification Standard (ASVS) (optional)
– Threat Modeling (optional)

Learning through practical examples

Learn by analyzing web applications with many vulnerabilities, among which:

– Injection
– Broken Authentication
– Sensitive Data Exposure
– External Entities (XXE)
– Broken Access Control
– Security Misconfiguration
– Cross-Site Scripting (XSS)
– Insecure Deserialization
– Using Components with Known Vulnerabilities
– Insufficient Logging & Monitoring