Abstract

Overview - We are conducting a n|u Humla session at Bangalore on OWASP TOP 5.
This will be a complete hands-on session where attendees will be introduced to Web application security.
We invite people who are really interested in Web Application Security.
This is a pre-invite based session, and we will be sending out invites to only 30 people.

Humla Champion - Satish works as a Secure Code Reviewer in a software company. He has about 15 years of experience in the IT domain. The major part of his work experience has been in Web application development and security.
One of the chapter leaders for NULL-Bangalore, he is interested in sharing knowledge on OWASP Top 5 issues.

Agenda -

Environment setup

OWASP 1 - Injection attacks - BBF (hands on)

OWASP 2 - Broken Auth/Session Mgmt - BBF (hands on)

OWASP 3 - XSS - BBF (hands on)

OWASP 4 - Insecure Direct Object Reference - BBF (hands on)

OWASP 5 - Security Misconfiguration - BBF (hands on)

Prerequisites -

  • Own laptop or a computer with full privileged access (avoid company-provided laptops with limited access).
  • Basic knowledge of Web application development
  • Basic knowledge of client and server concepts
  • Basic knowledge of the MySQL database

Hardware & Software Requirement

A laptop with the Windows operating system that can run Java and has 5 GB of free hard disk space.

1) Download and install JDK 7
http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html

2) Download and install MySQL
http://dev.mysql.com/downloads/installer/

3) Download and install Eclipse
https://eclipse.org/downloads/packages/eclipse-ide-java-ee-developers/lunar

4) Download Tomcat and configure it in Eclipse
http://tomcat.apache.org/download-70.cgi

What to Expect?

  • It's a basic-level session to understand the OWASP Top 5 issues.
  • In this workshop you will develop a small web application, then break that application, and finally fix it.
  • This process repeats for each of the top 5 issues.
  • This workshop gives an end-to-end perspective on each of the OWASP Top 5 issues.

Who can attend?

  • Anyone who is interested in web application security.

Speaker

Satish Govindappa

Chapter lead for Null/OWASP - Bangalore. My interests are in developing security architecture for web-based applications.
I am a developer turned security professional. I am a source code reviewer in an MNC.
Web pen-testing is another area in which I am interested.

Timing

Starts on Saturday, April 04 2015, at 10:00 AM. The session runs for about 8 hours.

Resources