
An Introduction to Web Application Security

Daniel Somerfield

December 15, 2014
Web Application Security: Introduction to AppSec
This introductory session will touch on major AppSec concepts and definitions, and on why having an AppSec strategy is critical for any company that has valuable data accessed either publicly on the internet or within the confines of the company's network.
December 16, 2014
Web Application Security: Injection
Probably the best known and among the most dangerous of exploits, injection vulnerabilities can result in information disclosure, tampering, denial of service, and elevation of privilege. This session will mostly focus on SQL injection but will address other forms of injection, including NoSQL database injection and OS command injection.
December 17, 2014
Web Application Security: Vulnerable Authentication & Session Management
Most web applications require some sort of authentication and authorization, but how do credentials need to be protected while in transit and at rest? This class will address those issues as well as the tradeoffs between security and convenience that need to be assessed and addressed.
December 18, 2014
Web Application Security: Cross-Site Scripting (Script Injection)
In order to prevent Cross-site Scripting (XSS) vulnerabilities from occurring, developers must be very careful about where data comes from and how it is rendered. On Day 4 we will talk about processes and strategies for avoiding this class of vulnerability.
December 19, 2014
Web Application Security: Secure Development Processes
Does your Software Development Lifecycle have a stage for discovery and mitigation of vulnerabilities? Is it at the beginning, the end, or throughout the process? Today we will address how to apply prevention and mitigation to your personal and company processes.
Instructor
Daniel Somerfield