Ken van Wyk and I are teaching Building Secure Web Applications in Java/J2EE in Minneapolis, September 30 - October 2. The summary is below, if you would like more info please let me know. More details to follow.
Building Secure Web Applications in Java/J2EE Course Description This course teaches the students how to develop secure applications from the web front end through the middle tier and data and integration layers for today’s complex internetworked environment. Students will receive a deep and thorough understanding of the most prevalent and dangerous security defects in today’s applications, and what to do about them. Additionally, they will learn practical and actionable guidelines on how to remediate against these common defects in Java/J2EE and Web Services frameworks and how to test for them in their own applications. This class starts with a description of the security problems faced by today's software developer, as well as a detailed description of the Open Web Application Security Project’s (OWASP) “Top 10” security defects. These defects are studied in instructor-lead sessions as well as in hands-on lab exercises in which each student learns how to actually exploit the defects to “break into” a real web application. (The labs are performed in safe test environments.) Remediation techniques and strategies are then studied for each defect. Practical guidelines on how to integrate secure development practices into the software development process are then presented and discussed. Bring the concepts and hands on learning together, the class uses a case study to show how to design and architect security services for a real world application. Intended Audience The ideal student for this tutorial is a hands-on web application developer or architect who is looking for a fundamental understanding of today's best practices in secure software development. _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________