The major cause of web insecurity is insecure software development practices. Attendees will earn 8 CPE credits for participating in this highly intensive and interactive course which provides essential application security training for web application, webservice and mobile software developers and architects. Jim’s classes are a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications.

Students will learn how to code secure web solutions via defense-based code samples. As part of this course, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development.

Students should bring a basic laptop, tablet or smart phone that can read a PDF. The courseware will be distributed digitally.

Topics:

• HTTP Basics, SQL Injection
• Authentication
• XSS Defense, CSP
• Access Control
• Cross Site Request Forgery
• Applied Crypto Basics
• App Layer Intrusion Detection
• Webservice/Mobile Security
• Applied SSL