Securing your web applications is becoming more and more important to organizations these days as the awareness of application security vulnerabilities and the proliferation of attacks continue to grow at a rapid pace. Databases frequently serve as core components of your web applications, containing your most critical and most sensitive data. Learning how to lock down your databases so they can protect the data that they provide and manage for the web applications that use them is critical to properly securing your web applications.
Training your database and software developers so they know how to secure the databases they are responsible for offers one of the highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect’s Security for Web Based Database Applications training course raises developer awareness of application security issues specific to the use of databases and provides examples of ‘what to do’ and ‘what not to do.’ The class is led by an experienced application and database security practitioner and is delivered in a very interactive manner.
This class includes hands-on exercises where the students get to perform security analysis and testing on a live web application supported by a back end database. This specially designed environment includes deliberate flaws the students have to find, diagnose, and fix. The class also uses SQL coding exercises to provide students with realistic hands-on secure database coding experience. Students gain hands-on experience using freely available web application security test tools to find and diagnose flaws and learn to avoid them in their own code.
Aspect Security has been working with development teams around the country for years to help them identify, diagnose, and address security issues throughout the application development lifecycle. Through these efforts, they have learned the key practices that development and project managers, and key support personnel must know to achieve secure applications.
Aspect’s instructors are full-time application security specialists that spend the majority of their time working with clients to secure the nation’s most critical applications. Leveraging this practical experience brings the class to life. Students will gain valuable insight into lessons learned from other development organizations. Our instructors also make themselves available to you for application security questions after the course is complete.
Aspect is a founding OWASP Member and supports several OWASP projects. In particular, Aspect conceived the OWASP Top Ten project and led the effort to build the document. We also built WebGoat, ESAPI, Stinger, and CSRFGuard and donated them to the OWASP effort. Aspect personnel assist with the management of the OWASP Foundation and help run the OWASP AppSec conference series.
David Wichers is the Chief Operating Officer (COO) of Aspect Security, a company that specializes exclusively in application security services. Dave has over twenty years of consulting experience in the information security field, providing consulting services to a wide variety of Commercial and Government customers. For the past ten years, he has been exclusively focused on application security, where he has performed code review and penetration testing of applications, taught over a hundred application security offerings, and spoken on various application security topics at conferences around the world. He has recently been focusing on Web Services Security and Security in Agile Development. Prior to founding Aspect Security, he ran the Application Security Services Group at Exodus Communications. Dave has a BSE in Computer Systems Engineering from Arizona State University and a Master's degree in Computer Science from the University of California at Davis, is a CISSP, a CISM, a member of the OWASP Board (www.owasp.org), a coauthor of the OWASP Top Ten and the OWASP Application Security Verification Standard (ASVS), and is the OWASP Conferences Chair.
Super Early (ends Mar 15): $1800
Early (ends May 1): $1900
Regular: $2100
Late: $2300
Onsite: $2600
Black Hat USA 2009
July 25-30
Caesars Palace
Las Vegas, NV
Training July 25-28
Briefings July 29-30