Integrating security in a webapp project: from the idea to going live

Jump to: navigation, search


A 1-day training covering 3 major topics related to integrating security in a software development project:

Good practices and tools at design stage (security requirements,secure design, threat modeling) Good practices and tools at implementation stage (secure coding practices and code review) Good practices and tools at verification stage (security validation) The entire training will follow a red-line based on a real-life HR web application project in which we will manage security and privacy aspects. Students will cover the entire lifecycle of the application, from analysis to deployment, and integrate good practices and tools based on OWASP material.

Trainers: Antonio Fontes, Switzerland Philippe Gamache, Canada Sébastien Gioria, France

Course format:

The training is composed of three modules, each consisting of three 45-minutes blocks (total: 9 blocks) Each module includes three blocks: theory, hands-on, validation/debriefing.


8:45-9:30, 9:40-10:25, 10:30-11:15 -> "design" module 11:30-12:30 -> lunch 12:45-13:30, 13:35-14:20, 14:25-15:10 -> "implementation" module 15:10-15:40 -> cookie break 15:40-16:25, 16:30-17:15, 17:20-18:05 -> "verification" module 18:10 -> closing session (debriefing/conclusions) We expect students to arrive around 8am and be able to leave around 6:30/7pm


Pre-requisites (required skills and material):

Bring your own laptop (recommended: dual-core system running VMWare/Virtualbox) Experience in web application development (hands-on will be in JAVA but do not require in-depth knowledge of the language) Understanding of a web application project lifecycle Understanding of well-known web application attacks (Top 10 attacks)