OWASP

An Introduction to Web Application Security


Most developers, IT professionals, and auditors learn what they know about application security on the job, usually by making mistakes. Application security is simply not part of many computer science curricula today, and most organizations have not focused on building a culture that treats application security as a core part of their IT security efforts. This powerful two (2) day course focuses on the most common web application security problems, including the OWASP Top Ten. The course will introduce and demonstrate hacking techniques, illustrating how application vulnerabilities can be exploited so that students really understand how to avoid introducing such vulnerabilities in their code.


Course Outline


Day 1

1. Introduction to Information Security – A Primer
    1.1 - Information Security versus IT Security
    1.2 - Why Assess and Measure Security?
    1.3 - The Threats – Hackers, Crackers, and Accidents
    1.4 - Security Assessments
2. The Anatomy of a Hack
    2.1 - Information Gathering
    2.2 - Research and Exploitation
    2.3 - Defacement, Backdoors, and Sniffing
    2.4 - Scrubbing and Covering the Tracks
3. What is OWASP?
4. Securing Web Applications
    4.1 - What are Web Applications?
    4.2 - Policy Frameworks
    4.3 - Secure Coding Principles
    4.4 - Threat Risk Modeling
    4.5 - Handling E-Commerce Payments
    4.6 - Phishing
    4.7 - Web Services
    4.8 - Cryptographic Primer

Day 2

5. The Top 10 Vulnerability Areas
    5.1 - Cross Site Scripting (XSS)
    5.2 - Injection Flaws
    5.3 - Malicious File Execution
    5.4 - Insecure Direct Object Reference
    5.5 - Cross Site Request Forgery (CSRF)
    5.6 - Information Leakage and Improper Error Handling
    5.7 - Broken Authentication and Session Management
    5.8 - Insecure Cryptographic Storage
    5.9 - Insecure Communications
    5.10 - Failure to Restrict URL Access
6. Secure Coding Guidelines
7. OWASP Testing Framework

Day 3

8. OWASP Tools Demonstration and Workshop

Training Consultant


Anton M. Bonifacio, CISSP, CISM, RHCE


Anton has been working in the field of Information Technology for the past eight years. He was one of the first Red Hat Certified Engineers in the Philippines. He received his Certified Information Systems Security Professional (CISSP) credential in 2006. He recently passed the Certified Information Security Manager (CISM) exam and was awarded the CISM Top Scorer award for the December 2008 examinations. He is a member of the board of directors of the Information Systems Security Society of the Philippines (ISSSP) and serves as an adviser to the Philippine Cyber-Security Taskforce.


Anton started his professional career as early as his undergraduate years at the University of the Philippines, Diliman, where, while taking up Creative Writing, he acted as a consultant and training instructor for Q-Linux Philippines and United Microsystems. He finished his Bachelor’s degree in Computer Science at Asia Pacific College and his Master’s degree in Information Technology at De La Salle University Manila. He served as an in-house consultant for the Development Bank of the Philippines and its e-Government subsidiary, Data Center Inc., where he headed several open source and information security projects for various government agencies and private corporations, such as the Armed Forces of the Philippines and the Philippine National Oil Company (PNOC), and also actively conducted lectures, seminars, and training sessions on Information Security and Open Source. He served as a member of the Asia Pacific College faculty from 2006 to 2007, teaching technical courses such as Networking and UNIX. He also worked for Digitel Mobile Phils. Inc. (Sun Cellular) as the head of Business Development and Solutions (BDS) under the ITGSM Division, focusing on Project Management, Business Development, IT Governance, Innovations, and Solutions Delivery.


Who should attend?

Information Security Officers, Risk Managers, Security Analysts, Developers, and anyone interested in understanding web application security issues.


Interested Project Managers and Senior Executives can also attend Day 1 of this course for a fee of P5,000 (Exclusive of VAT).


Duration: 3 days

Schedule: February 17 to 19, 2010

Time: 9am to 5pm

Venue: CEO Suite, 37th Flr. LKG Tower, 6801 Ayala Ave., 1226 Makati City

Course Fee: Php 16,800.00 (Inclusive of VAT)


The course fee is inclusive of handouts, certificate, snacks, and lunch. Please make all checks payable to Posh Marketing Services.


Please bring your laptop.

Register Now!

For more details, please call 443-POSH (7674) or text 0920-9826837 or 0922-8583538. You can also email us at jrocio@poshmarketingservices.com.


Cancellation of registration should be made seven working days before the training date; otherwise, 50% of the training fee shall be charged. A no-show during the training shall be charged 100% of the training fee.