For Developers: Walkthrough of the OWASP Top 10 Web Application Security Vulnerabilities
This will be a full day walkthrough of the OWASP Top-Ten Web Application Security Vulnerabilities. What they are, how attackers exploit them, and how to prevent them by applying secure design principles and developing secure code. A crucial skill to acquire is learning to think like a bad guy. Rather than just following procedures and making assumptions about how the systems will be used by good people, assume your applications will be directly targeted by skilled and dedicated attackers. Develop a mind-set to handle those attackers by boundary validation at each trust point as well as the external frontier, by handling errors, logs, alerts, and reacting to attacks.
Attendees can expect a mixture of theory, brainstorming, and role-playing exercises as attackers and defenders to acquire practical skills for immediate use at work. We will work through testing a completely unprotected application, applying defences, circumventing those defences, then applying strong and effective vulnerability controls.