Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Tuesday, June 28 • 09:00 - 17:00
Day 2/3 - OWASP Top 10: Exploitation and Effective Safeguards

Sign up or log in to save this to your schedule and see who's attending!

The OWASP Top 10 web application vulnerabilities has done a great job promoting awareness for the developers. Along with many cheat sheets, they provide valuable tools and techniques to web developers. But such a great source of information could be overwhelming for the programmer who wants to learn about security. This course aims at providing all web developers deep hands-on knowledge on the subject. To achieve this goal, participants will first learn the technical details about each OWASP Top 10 vulnerability. Then the instructor will give demos on how attacks are performed against each of them. After that, participants will use virtual machines and follow step by step procedures to launch attacks against a vulnerable web site. This step is key in understanding how exploitation works so they can later implement effective safeguards in their systems. Our experience is that participants who have had hands-on experience at exploiting vulnerabilities will always remember how to prevent them. Topics such as SSL Certificates, Password Management, the OWASP Top 10 web application vulnerabilities, SQL Injection Attacks, Broken Authentication and Session Management, Cross-Site Scripting (XSS), Insecure Direct Object References, Cross-Site Request Forgery (CSRF), Web Application Firewalls (WAF), Using a Vulnerability Scanner, Effective Code Review Techniques, Sniffing Encrypted Traffic, Online Password Guessing Attack and Account Harvesting will all be covered in this class.

Trainer
avatar for David Caissy

David Caissy

Penetration Tester, TRM Technologies Inc.
David Caissy is a web application penetration tester with in-depth developer and IT Security background spanning over 16 years. He has extensive experience in conducting vulnerability assessments and penetration tests as well as providing training globally, amongst numerous other teaching engagements. He has worked for a central bank, the Department of National Defense, various government agencies and private companies. David has been teaching... Read More →

Tuesday June 28, 2016 09:00 - 17:00
Bramante 05

Attendees (7)