Software Security Best Practices

From OWASP
Revision as of 09:51, 11 October 2010 by Benjamin Tomhave (Talk | contribs)


Registration | Hotel | Walter E. Washington Convention Center

Description

Course Length: 2 Days

This hands-on tutorial starts with a description of the security problems faced by today's software developer, as well as a detailed description of how defective software can be exploited. It goes on to provide a thorough description of the best practices available to prevent, detect, and remediate security problems in software. Next, the tutorial includes hands-on design review exercises to reinforce each of the concepts presented, together with dozens of examples of common coding errors (primarily in C/C++ and Java).

Student Requirements

All students will be expected to bring their own laptop running a copy of the OWASP Live CD. To expedite course delivery, students should test the functionality of the OWASP Live CD on their system prior to arrival. http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project

Specifically, please ensure that you're able to run the "AppSecEU May 2009 Release" of the OWASP Live CD, which can be downloaded as an ISO, VirtualBox image, or VMware image from: http://appseclive.org/node/45


Objectives

Skill: Intermediate

  1. In-depth understanding of the software security problem space
  2. Hands-on experience identifying and remediating OWASP Top 10 vulnerabilities
  3. Hands-on experience with common software security tools


Instructor

Instructor: Ben Tomhave is a Senior Security Analyst with Gemini Security Solutions in Chantilly, VA, specializing in solutions architecture, security planning, program development and management, and other strategic security solutions. He holds an MS in Engineering Management with an Information Security Management concentration from The George Washington University and is a CISSP.

His experience includes developing and delivering course materials internally and for the formal classroom environment. Course delivery covers areas such as security awareness, information security fundamentals, and application security. Ben has been specially trained and authorized to deliver this program by Ken van Wyk of KRvW Associates, LLC, to clients and AppSec DC 2010 students.