Difference between revisions of "OWASP AppSec DC 2012/Training/Defense Against The Dark Arts - ESAPI"

From OWASP
Jump to: navigation, search
Line 4: Line 4:
 
'''Course Length: 2 Day'''
 
'''Course Length: 2 Day'''
  
This course will focus on using the OWASP ESAPI for Java to solve real-world security issues. In the course students will learn how to leverage the ESAPI library to design and implement reusable security controls in an enterprise environment. This is a laptops out event and students will walk away with a toolkit of reusable components that they can use in real situation to solve security issues in Java applications.
+
It has been said that software engineering is 10% engineering and 90% art. Given the same set of technical specifications, two engineers will have drastically different methods of addressing those specifications. This is the beauty of innovation and forward thinking, and while it is this type of creative problem solving that has kept the technical industry lurching forward in large strides – it is also the boon of application security. Enter the Enterprise Security API – a central repository for engineers to solve security concerns in application code. I have said many times that it should not be the responsibility of the engineers cranking out code every day to design security controls. It is difficult to remain on the bleeding edge of Application Security and Software Engineering at the same time and even more difficult to bring these two disciplines together into a cohesive, reusable component that addresses the threats specific to an organization.
 +
 
 +
This course will illustrate the importance of having an Enterprise Security API and how to effectively design, build and deploy a solution that addresses the Threat Model of the single application or enterprise application portfolio.
 +
 
 +
Topics Include (but are not necessarily limited to)
 +
* ESAPI Architecture
 +
* Security Controls Overview
 +
* OWASP Reference Implementations
 +
* Designing Custom Controls
 +
* Integrating with existing Applications
 +
* Starting Fresh
 +
* Enterprise Security Configuration
 +
* Error Handling, Logging and Intrusion Detection/Prevention
 +
* Authentication and Authorization
 +
* Validation and Encoding
 +
 
 
==Student Requirements==
 
==Student Requirements==
Laptop Required:  
+
Laptop Required: <br/>
Students Need to Bring:
+
Students Need to Bring:<br/>
1) Laptop with wireless network adapter
+
1) Laptop with wireless network adapter<br/>
2) VMWare Player
+
2) VMWare Player<br/>
  
 
==Objectives==
 
==Objectives==
Line 17: Line 32:
 
1) What ESAPI is and what it isn't<br>2) How do I integrate ESAPI into an existing application?<br>3) How do I solve <problem> using ESAPI?<br><br>Additionally, each student will walk away with a set of fully reusable ESAPI components that they will be able to use in real world applications and a certificate of completion.
 
1) What ESAPI is and what it isn't<br>2) How do I integrate ESAPI into an existing application?<br>3) How do I solve <problem> using ESAPI?<br><br>Additionally, each student will walk away with a set of fully reusable ESAPI components that they will be able to use in real world applications and a certificate of completion.
 
==Instructor==
 
==Instructor==
Chris Schmidt
+
[https://www.owasp.org/index.php/User:Chris_Schmidt Chris Schmidt]
 
[[Category:AppSec_DC_2012_Training]]
 
[[Category:AppSec_DC_2012_Training]]
 
{{:OWASP AppSec DC 2012 Footer}}
 
{{:OWASP AppSec DC 2012 Footer}}

Revision as of 21:13, 25 January 2012

AppSecDC-468x60-banner-2012.jpg

Registration Now OPEN! | Hotel | Schedule | Convention Center | AppSecDC.org

Description

Course Length: 2 Day

It has been said that software engineering is 10% engineering and 90% art. Given the same set of technical specifications, two engineers will have drastically different methods of addressing those specifications. This is the beauty of innovation and forward thinking, and while it is this type of creative problem solving that has kept the technical industry lurching forward in large strides – it is also the boon of application security. Enter the Enterprise Security API – a central repository for engineers to solve security concerns in application code. I have said many times that it should not be the responsibility of the engineers cranking out code every day to design security controls. It is difficult to remain on the bleeding edge of Application Security and Software Engineering at the same time and even more difficult to bring these two disciplines together into a cohesive, reusable component that addresses the threats specific to an organization.

This course will illustrate the importance of having an Enterprise Security API and how to effectively design, build and deploy a solution that addresses the Threat Model of the single application or enterprise application portfolio.

Topics Include (but are not necessarily limited to)

  • ESAPI Architecture
  • Security Controls Overview
  • OWASP Reference Implementations
  • Designing Custom Controls
  • Integrating with existing Applications
  • Starting Fresh
  • Enterprise Security Configuration
  • Error Handling, Logging and Intrusion Detection/Prevention
  • Authentication and Authorization
  • Validation and Encoding

Student Requirements

Laptop Required:
Students Need to Bring:
1) Laptop with wireless network adapter
2) VMWare Player

Objectives

Audience: Technical Skill Level: Intermediate

1) What ESAPI is and what it isn't
2) How do I integrate ESAPI into an existing application?
3) How do I solve <problem> using ESAPI?

Additionally, each student will walk away with a set of fully reusable ESAPI components that they will be able to use in real world applications and a certificate of completion.

Instructor

Chris Schmidt


Gold Sponsors

Aspect logo owasp.jpg AppSecDC2009-Sponsor-securicon.gif AppSecDC2009-Sponsor-mandiant.gif AppSecDC2012-ISC2.gif

Silver Sponsors

SPL-LOGO-MED.png

Small Business

AppSecDC2012-Sponsor-sideas.gif BayShoreNetworks.png

Exhibitors

link=http://www.codenomicon.com/ Codenomicon WhiteHat Logo.png AppSecDC2012-HP.jpg WSI - Logo.jpg