Build, Break, Fix Java Web Applications
WORKSHOP ABSTRACT / OBJECTIVE
Most web application pen testers perform vulnerability analysis from a blackbox perspective; such an approach cannot guarantee complete coverage of the vulnerabilities in an application. It is therefore important to acquire knowledge of whitebox strategies. This workshop would be beneficial for people who would like to start a secure code review or secure code development career in the Java web application area.
There will be 4 sessions. In the first session, participants will develop an insecure application using servlets, JSP, JDBC and MySQL. In the second and third sessions, participants will find and exploit all the OWASP Top 10 vulnerabilities in it. In the final session, participants will write secure code to transform the existing insecure application into a secure application.
COURSE CONTENT (TOC)
- Building an Insecure Java Web Application
- Finding and Exploiting OWASP top 10 vulnerabilities
- Fixing OWASP Top 10 vulnerabilities in the insecure application to make it a secure application
PRE-REQUISITE
- Basic understanding of Core Java, JSP and Servlets
- Basic understanding of the OWASP Top 10 and web vulnerabilities
- Passion to code and find bugs in code
PARTICIPANTS REQUIREMENTS
Hardware
- A Java web application development environment should be installed (IntelliJ IDE, MySQL, Tomcat)
- Laptop with a minimum of 8GB RAM and admin privileges to install tools.
WHO SHOULD ATTEND
Beginners who wish to improve their secure coding skills or secure code review skills
WHAT TO EXPECT:
- Complete understanding of Java web application vulnerabilities from a whitebox perspective.
WHAT NOT TO EXPECT:
- Basic Core Java programming.
SPEAKER PROFILES:
Santosh Gulivindala is a security engineer with 10+ years of experience in web and mobile application security. He has worked across multiple projects in various domains such as banking, insurance, the government sector, health, e-commerce and independent platform security. He is passionate about delivering trainings on web application and mobile application security from a whitebox perspective.