Building Secure APIs and Web Applications

Presented at BSidesSF 2019, March 2, 2019, 12:30 p.m. (330 minutes)

TO REGISTER FOR THIS WORKSHOP, GO [HERE](https://bsidessf.regfox.com/2019). NOTE THAT SPACE IS VERY LIMITED. The major cause of API and web application insecurity is insecure software development practices. This highly intensive and interactive course provides essential application security training for web application and API developers and architects. The class is a combination of lecture, security testing demonstration, and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples. As part of this course, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development. We will highlight production quality and scalable controls from various languages and frameworks. This course will include secure coding information for Java, PHP, Python, Javascript, and .NET programmers, but any software developer building web applications and webservices will benefit. Student Requirements: Familiarity with the technical details of building web applications and web services from a software engineering point of view.

Presenters:

  • Jimmy Mesta - Manicode Security
    Jimmy Mesta is an application security leader that has been involved in Information Security for nearly 10 years. He is the chapter leader of OWASP Santa Barbara and co-organizer of the AppSec California security conference. Jimmy has spent time on both the offense and defense side of the industry and is constantly working towards building modern, developer-friendly security solutions. Jimmy's core focus has been in application and cloud security with an emphasis on secure architecture, automated testing, developer training and defensive techniques.
  • Jim Manico - Manicode Security
    Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also an investor/advisor for BitDiscovery, Nucleus Security, Secure Circle and Signal Sciences. Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of "Iron-Clad Java: Building Secure Web Applications" from Oracle Press. Jim also volunteers for the OWASP foundation as the project co-lead for the OWASP Application Security Verification Standard and the OWASP Proactive Controls. For more information, see http://www.linkedin.com/in/jmanico.

Links:

Similar Presentations: