Jim Manico (VP Security Architecture, WhiteHat Security)
HITB LAB TITLE: Secure Coding: Web and Mobile
HITB LAB ABSTRACT:
We cannot hack or firewall our way to security. Application programmers need to learn to code securely if we are to have any chance of giving organizations proper defenses in the current threat landscape.
This 120-minute lab/workshop/bootcamp will discuss, demonstrate and work through interactively with participants the most important security-centric programming techniques needed to build low-risk web-based applications. We will then demonstrate attack techniques that bypass even some of the most modern web application defensive coding techniques and security standards. Digital copies of all courseware will be provided.
Our session includes:
1) HTTP Basics and Introduction to Application Security
2) Input Validation
3) SQL and other Injection
4) Access Control Design
5) XSS Defense
6) Advanced XSS Defense
7) Authentication and Session Management
8) CSRF
9) Secure SDLC and Security Architecture
10) Crypto Basics
11) Crypto Advanced
12) Mobile Security Basics
13) Web Service Security
14) Safe JSON parsing and sanitization
ABOUT JIM MANICO
Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. He authors and delivers developer security awareness training for WhiteHat Security and has a background as a software developer and architect. Jim is also a global board member for the Open Web Application Security Project (OWASP). He manages and participates in several OWASP projects, including the OWASP cheat sheet series, the OWASP Java HTML Sanitizer project, the OWASP Java Encoder Project and the OWASP JSON Sanitizer Project.