Secure Coding: Web & Mobile presented at HITBSecConf Amsterdam 2013

by Jim Manico

Tags: Security

Summary: We cannot hack or firewall our way secure. Application programmers need to learn to code in a secure fashion if we have any chance of providing organizations with proper defenses in the current threat-scape.
This 120-minute lab-workshop-bootcamp will discuss, demonstrate and interactively work with participants regarding the most important security-centric computer-programming techniques necessary to build low-risk web-based applications. We will then demonstrate attack techniques that bypass even some of the most modern web application defensive coding techniques and security standards. All digital copies of all courseware will be provided.
Our session includes:
1) HTTP Basics and Introduction to Application Security
2) Input Validation
3) SQL and other Injection
4) Access Control Design
5) XSS Defense
6) Advanced XSS Defense
7) Authentication and Session Management
8) CSRF
9) Secure SDLC and Security Architecture
10) Crypto Basics
11) Crypto Advanced
12) Mobile Security Basics
13) Webservice Security
14) Safe JSON parsing and sanitization