
ONLINE REGISTRATION CLOSES OCT 13TH AT 23:59 MYT

           

Walk-in registrations at The InterContinental for the conference on 16th and 17th are still accepted (walk-in rate MYR1499).

For up-to-the-minute updates on #HITB2013KUL including on-site happenings during the event, please follow @hitbsecconf on Twitter.

TECH TRAINING 6 – BUILDING SECURE WEB AND MOBILE APPLICATIONS

TRAINER: Jim Manico (VP of Security Architecture, WhiteHat Security)

CAPACITY: 20 pax

SEATS LEFT: COURSE CANCELLED

DURATION: 2 days (14th & 15th October 2013)

COST (per pax): MYR4999 (early bird) / MYR5999 (non early-bird)

OVERVIEW

The major cause of web insecurity is insecure software development practices.

This highly intensive and interactive 2-day course provides essential application security training for web application, web service and mobile software developers and architects. The class is a combination of lecture, hands-on security testing and code review. Participants will not only learn the most common threats against applications but, more importantly, will learn how to fix the problems and design secure web solutions via defense-based code samples and review.

This class will also highlight production-quality APIs from various languages, frameworks, and third-party libraries that provide scalable security controls. This course will focus on Java and .NET programming, but any software developer building web applications will benefit. We provide free email support for life for all students. Digital copies of all courseware will be provided.

WHO SHOULD ATTEND

Any web application developer or architect, web security professionals and development managers who are tasked with building secure web applications, web services and mobile applications.

KEY LEARNING OBJECTIVES

  • How to build injection-safe server-side applications

  • How to build modern access control functionality for multi-tenant data-driven applications

  • How to build an injection-safe user interface

  • How to build a secure authentication mechanism

  • How to store passwords securely

  • How to build multi-factor authentication mechanisms

  • Understanding the limits of HTTPS and what to do about it

  • How to implement multi-layered CSRF protection

  • How to implement modern security HTTP Headers

  • How to implement modern symmetric cryptographic storage

  • How to implement asymmetric crypto for encryption and non-repudiation

  • How to build security into various stages of the SDLC

  • How to build a secure mobile application

  • How to build a secure REST web service

COURSE AGENDA

DAY 1 (MORNING)

  • HTTP Basics and Introduction to Application Security

  • Input Validation

  • SQL and other Injection

DAY 1 (AFTERNOON)

  • Access Control Design

  • XSS Defense

  • Advanced XSS Defense

DAY 2 (MORNING)

  • Authentication and Session Management

  • CSRF/Clickjacking Defense

  • Secure SDLC and Security Architecture

DAY 2 (AFTERNOON)

  • Cryptographic Storage

  • Mobile Security Basics

  • Webservice Security

HARDWARE / SOFTWARE REQUIREMENTS

Any Windows machine or Virtual Machine with at least 4GB of RAM

ABOUT THE TRAINER

Jim Manico (VP Security Architecture, WhiteHat Security)

Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. He authors and delivers developer security awareness training for WhiteHat Security and has a background as a software developer and architect. Jim is also a global board member for the Open Web Application Security Project (OWASP). He manages and participates in several OWASP projects, including the OWASP cheat sheet series, the OWASP Java HTML Sanitizer project, the OWASP Java Encoder Project and the OWASP JSON Sanitizer Project.

Copyright © 2013 Hack In The Box | http://www.hackinthebox.org