Remote Testing For Common Web Application Security Threats presented at OWASP Appsec 2010

by David Rhoades (Maven Security Consulting Inc.)

Tags: Workshops

URL : http://www.owasp.org/index.php/Remote_Testing_for_Common_Web_Application_Security_Threats

Summary : The proliferation of web-based applications has increased the enterprise's exposure to a variety of threats. There are overarching measures that can and should be taken at various stages of the application's lifecycle to prevent or mitigate these threats, such as implementing secure design and coding practices, performing source code audits, and maintaining proper audit trails to detect unauthorized use.

This workshop will enable students to test the security of web-based applications from the perspective of the end user, i.e. remotely and without privileged access. Security testing helps to fulfill industry best practices and to validate that the application's implementation matches its design. Security testing is especially useful since it can be done at various phases of the application's lifecycle (e.g. during development), and it remains possible when source code is not available for review.

The most common threats and their potential impact will be covered (based on the industry standard OWASP "Top Ten" – see http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project). Hands-on labs and demonstrations will be used to teach the tools and techniques needed to remotely detect and validate the presence of these threats.

David Rhoades: David Rhoades is a senior consultant with Maven Security Consulting Inc. (www.mavensecurity.com). Maven Security Consulting Inc. is a Delaware corporation that provides information security assessments and training services to a global clientele. David’s expertise includes web application security, network security architectures, and vulnerability assessments. Past customers have included domestic and international companies in various industries, as well as various US government agencies. David has been active in information security consulting since 1996, when he began his career with the computer security and telephony fraud group at Bell Communications Research (Bellcore). David has taught at various security conferences around the globe, including for USENIX (www.usenix.org), MIS Training Institute (www.misti.com), and ISACA (www.isaca.org). David has a Bachelor of Science degree in Computer Engineering from the Pennsylvania State University (psu.edu).