Build, Break, Fix Java Web Applications

by Santosh Gulivindala, Security Engineer, ServiceNow   
10 November, 2021 9:30 IST - 14:00 IST

WORKSHOP ABSTRACT / OBJECTIVE

Most web application pen testers perform vulnerability analysis from a blackbox perspective; such an approach cannot guarantee complete coverage of the vulnerabilities in an application. It is important to acquire knowledge of whitebox strategies. This workshop will benefit people who would like to start secure code review or secure code development careers in the Java web application area.


There will be 4 sessions. In the first session, participants will develop an insecure application using servlets, JSP, JDBC and MySQL. In the second and third sessions, participants will find and exploit all the OWASP Top 10 vulnerabilities. In the final session, participants will write secure code to transform the existing insecure application into a secure application.

COURSE CONTENT (TOC)

  • Building an Insecure Java Web Application
  • Finding and Exploiting OWASP Top 10 vulnerabilities
  • Fixing OWASP Top 10 vulnerabilities in the insecure application to make it a secure application

PRE-REQUISITE

  • Basic understanding of Core Java, JSP and Servlets
  • Basic understanding of OWASP Top 10 and web vulnerabilities
  • Passion to code and find bugs in code

PARTICIPANTS REQUIREMENTS

Hardware

  • Java web application development environment should be available (IntelliJ IDE, MySQL, Tomcat)
  • Laptop with minimum 8GB RAM and admin privileges to install tools.

WHO SHOULD ATTEND

Beginners who wish to improve their secure coding skills or secure code review skills

WHAT TO EXPECT:

  • Complete understanding of Java Web Application vulnerabilities from whitebox perspective.

WHAT NOT TO EXPECT:

  • Basic Core Java programming.

SPEAKER PROFILES:

Santosh Gulivindala, Security Engineer, ServiceNow

Santosh Gulivindala is a security engineer with 10+ years of experience in web and mobile application security, with work across multiple projects in various domains such as banking, insurance, government sector, health, e-commerce and independent platforms security. Passionate about delivering trainings on web application and mobile application security from a whitebox perspective.



CONFERENCE 2021

c0c0n 2021 Online Conference

VENUE

c0c0n 2021 is a Virtual Conference

c0c0n 2021 Workshop Date

WORKSHOP

November 10-11

c0c0n Conference 2021

CONFERENCE

November 12-13
