You are here

DunSec Security Workshop Info

Overview

This full day hands-on software security workshop is being run by Laura Bell from in2securITy (http://www.in2security.org.nz/). The workshop is targeted at those with software development experience but limited security knowledge.

  • Time/Date: 9am to 5pm, Friday 25th January. Please arrive just before 9.
  • Location: Bracken Room at the Mercure, Dunedin (310 Princes St)
  • What to bring: Laptop without any sensitive work stuff on it, VMWare Player installed and working, Pen and Paper. Lunch and morning/afternoon tea are provided.

Itinerary

9:00 Start and Introductions

Introduction to Security and Risk

A hands on and light hearted discussion based session in which we will understand what security means to us as software developers, how to think like an attacker and some fundamental themes/terms and considerations

Security in the Software Development Lifecycle

How to build security into projects and popular development lifecycles... without compromising on delivery, cost or sanity

Morning Tea/Coffee

Learning to Develop Securely

Building a training environment on a shoestring and where to go for information.

Introduction to the OWASP Top 10 Part 1

  • Injection
  • Cross Site Scripting
  • Broken Authentication/Session Management

Lunch

Introduction to the OWASP Top 10 Part 2

  • Insecure Object References
  • Cross Site Request Forgery
  • Security Misconfiguration

Afternoon Tea/Coffee

Introduction to the OWASP Top 10 Part 3

  • Failure to Restrict URL Access
  • Insecure Cryptographic Storage
  • Insufficient Transport Layer Protection
  • Unvalidated Redirects and Forwards

Wrap Up, Next Steps and Q&A

Got questions? Want to know more?