Security for Developers - an Offensive Approach (OWASP)
Audience:
Developers and software architects mostly.
Also useful for system administrators, technical managers and CISOs.
Objectives
– Develop "out-of-the-box" thinking
– See security from an offensive perspective
– Learn best security practices and (most and least) common attacks
– Learn to defend your applications and infrastructure
Topics
Overview of Web Penetration Testing
OWASP Top Ten Web Vulnerabilities
API Top Ten vulnerabilities
Technical measures and best practices
OWASP Top 10 Mobile Vulnerabilities
HTTP Security Headers
JSON Web Tokens
Less-known web application vulnerabilities
Secure Coding: OWASP Application Security Verification Standard (ASVS) (optional)
Threat Modeling (optional)
Learning through practical examples
Learn by analyzing web applications that contain many vulnerabilities, including:
Injection
Broken Authentication
Sensitive Data Exposure
External Entities (XXE)
Broken Access Control
Security Misconfiguration
Cross-Site Scripting (XSS)
Insecure Deserialization
Using Components with Known Vulnerabilities
Insufficient Logging & Monitoring