Black Hat USA 2009 Weekday Training Session

July 27-28

Building and Testing Secure Web Applications

Aspect Security

Overview

Training developers and software testers in application security offers one of the highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect’s Building and Testing Secure Web Applications training raises developer awareness of application security issues and provides examples of ‘what to do’ and ‘what not to do.’ The class is lead by an experienced application security practitioner and is delivered in a very interactive manner.

This class includes hands-on exercises where the students get to perform security analysis and testing on a live web application. This specially designed environment includes deliberate flaws the students have find and diagnose flaws and learn to avoid them in their own code.

Trainer:

Aspect Security has been working with development teams around the country for years to help them identify, diagnose, and address security issues throughout the application development lifecycle. Through these efforts, they have learned the key practices that development and project managers, and key support personnel must know to achieve secure applications.

Aspect’s instructors are full-time application security specialists that spend the majority of their time working with clients to secure the nation’s most critical applications. Leveraging this practical experience brings the class to life. Students will gain valuable insight into lessons learned from other development organizations. Our instructors also make themselves available to you for application security questions after the course is complete.

Aspect is a founding OWASP Member and supports several OWASP projects. In particular, Aspect conceived the OWASP Top Ten project and led the effort to build the document. We also built WebGoat, ESAPI, Stinger, and CSRFGuard and donated them to the OWASP effort. Aspect personnel assist with the management of the OWASP Foundation and help run the OWASP AppSec conference series.

Jerry Hoff has taught over 20 classes in 2008 alone, for clients ranging from long term leading shipping and logistics management companies, a leading Government systems integrator, to private, financial, insurance and banking institutions. Jerry’s high energy and desire to make students understand the ramifications of NOT implementing good security practices and techniques are demonstrated within Aspect’s full range of application security classes that he teaches. Courses include the hands-on technical Java EE and .Net coding classes, the broader and technical Building and Testing Secure Web Applications class, the Web Building and Web Security Testing courses, and several specialty classes such as AJAX and Cold Fusion. Jerry also instructs at OWASP. One of many responses to Jerry’s classes states: “Knowledgeable instructor who could adapt discussions based on your development/deployment environment” .

David Wichers is the Chief Operating Officer (COO) of Aspect Security, a company that specializes exclusively in application security services. Dave has over twenty years of consulting experience in the information security field, providing consulting services to a wide variety of Commercial and Government customers. For the past ten years, he has been exclusively focused on application security, where he has performed code review and penetration testing of applications, taught over a hundred application security offerings, and spoke on various application security topics at conferences around the world. He has recently been focusing on Web Services Security and Security in Agile Development. Prior to founding Aspect Security, he ran the Application Security Services Group at Exodus Communications. Dave has a BSE in Computer Systems Engineering from Arizona State University and a Masters degree in Computer Science from the University of California at Davis, is a CISSP, a CISM, a member of the OWASP Board (www.owasp.org), a coauthor of the OWASP Top Ten and the OWASP Application Security Verification Standard (ASVS), and is the OWASP Conferences Chair.

Super Early: Ends Mar 15	Early: Ends May 1	Regular: Ends Jul 1	Late: Ends Jul 22	Onsite:
$1800	$1900	$2100	$2300	$2600