Overview
This class will cover common Web 2.0 security threats and vulnerabilities and it will provide specific guidance on how to develop Web 2.0 applications to defend against these threats and vulnerabilities.
Training developers on secure coding practices offers one of the highest returns on investment by eliminating vulnerabilities at the source. Aspect’s Building Secure Web 2.0 Course is designed to enable developers to use Web 2.0 technologies in their web applications without introducing security issues. The course provides detailed examples of ‘what to do’ and ‘what not to do.’ The class is led by an experienced developer and is delivered in a very interactive manner.
This course is intended to build on one of Aspect’s foundational secure coding courses. The course will use demonstrations, code examples, and spot-the-bug exercises to get developers engaged in the topic. Developers will leave with an understanding of how Web 2.0 attacks work, the impacts of successful attacks, and what to do to defend against them.
Aspect Security has been working with development teams around the country for years to help them identify, diagnose, and address security issues throughout the application development lifecycle. Through these efforts, they have learned the key practices that development and project managers and key support personnel must know to achieve secure applications.
Aspect’s instructors are full-time application security specialists that spend the majority of their time working with clients to secure the nation’s most critical applications. Leveraging this practical experience brings the class to life. Students will gain valuable insight into lessons learned from other development organizations. Our instructors also make themselves available to you for application security questions after the course is complete.
Aspect is a founding OWASP Member and supports several OWASP projects. In particular, Aspect conceived the OWASP Top Ten project and led the effort to build the document. We also built WebGoat, ESAPI, Stinger, and CSRFGuard and donated them to the OWASP effort. Aspect personnel assist with the management of the OWASP Foundation and help run the OWASP AppSec conference series.
Jerry Hoff has taught over 20 classes in 2008 alone, for clients ranging from long-term leading shipping and logistics management companies and a leading Government systems integrator to private, financial, insurance and banking institutions. Jerry’s high energy and desire to make students understand the ramifications of NOT implementing good security practices and techniques are demonstrated within Aspect’s full range of application security classes that he teaches. Courses include the hands-on technical Java EE and .NET coding classes, the broader and technical Building and Testing Secure Web Applications class, the Web Building and Web Security Testing courses, and several specialty classes such as AJAX and Cold Fusion. Jerry also instructs at OWASP. One of many responses to Jerry’s classes states: “Knowledgeable instructor who could adapt discussions based on your development/deployment environment”.
Super Early (ends Mar 15) | Early (ends May 1) | Regular | Late | Onsite
$2000 | $2100 | $2300 | $2500 | $2800
Black Hat USA 2009
July 25-30
Caesars Palace
Las Vegas, NV
Training July 25-28
Briefings July 29-30