This full day hands-on software security workshop is being run by Laura Bell from in2securITy (http://www.in2security.org.nz/). The workshop is targeted at those with software development experience but limited security knowledge.
- Time/Date: 9am to 5pm, Friday 25th January. Please arrive just before 9.
- Location: Bracken Room at the Mercure, Dunedin (310 Princes St)
- What to bring: Laptop without any sensitive work stuff on it, VMWare Player installed and working, Pen and Paper. Lunch and morning/afternoon tea are provided.
9:00 Start and Introductions
Introduction to Security and Risk
A hands on and light hearted discussion based session in which we will understand what security means to us as software developers, how to think like an attacker and some fundamental themes/terms and considerations
Security in the Software Development Lifecycle
How to build security into projects and popular development lifecycles... without compromising on delivery, cost or sanity
Learning to Develop Securely
Building a training environment on a shoestring and where to go for information.
Introduction to the OWASP Top 10 Part 1
- Cross Site Scripting
- Broken Authentication/Session Management
Introduction to the OWASP Top 10 Part 2
- Insecure Object References
- Cross Site Request Forgery
- Security Misconfiguration
Introduction to the OWASP Top 10 Part 3
- Failure to Restrict URL Access
- Insecure Cryptographic Storage
- Insufficient Transport Layer Protection
- Unvalidated Redirects and Forwards
Wrap Up, Next Steps and Q&A
Got questions? Want to know more?