OWASP AppSec India Conference 2008 Web 2.0 Security


Web 2.0 Security


This class covers common RIA security threats and vulnerabilities and provides specific guidance on how to develop RIAs that defend against them. Training developers in secure coding practices offers one of the highest returns on investment of any security investment, because it eliminates vulnerabilities at the source. Aspect's Building Secure RIA course is designed to enable developers to use RIA technologies in their web applications without introducing security issues. The course provides detailed examples of what to do and what not to do, and uses demonstrations, code examples, and spot-the-bug exercises to get developers engaged in the topic. Developers will leave with an understanding of how RIA attacks work, the impacts of successful attacks, and what to do to defend against them.

Course Overview

The course begins with an overview and an introduction to Web 2.0. The next section explores the AJAX and RIA attack surface, followed by sections on Authentication and Session Control. Cross-Site Request Forgery, Cross-Site Scripting, and Protecting Sensitive Data are the next sections, followed by Error Handling and Logging and a References section to round out the class.


If you are interested in participating in the hands-on portion of the course, please bring a Wi-Fi enabled, Windows-based laptop.

About the Instructor

Jason Li

Jason is a Senior Application Security Engineer at Aspect Security, where he has performed code reviews, penetration testing, and training for a variety of financial, commercial, and government institutions. He is a certified GIAC Secure Software Programmer in Java; before joining Aspect, he was a Java software developer and a Java course instructor at Johns Hopkins University. He is currently working on the OWASP UI Verification Project and, along with Arshan Dabirsiaghi, is a core developer of the OWASP AntiSamy Project. Jason received his Post-Master's in Computer Science with a concentration in Information Security from Johns Hopkins University, and both his Master's and B.S. in Computer Science from Cornell University.