Writing Secure Programs: Use OWASP As Your Guide
Some popular programming languages today are considered managed, meaning the language runtime itself takes care of memory and several other concerns that could otherwise lead to vulnerabilities. This does not mean, however, that programs written in such a language are free of vulnerabilities. There are a number of practices that programmers may use that can introduce exploitable flaws. This training will focus on some of the common vulnerabilities found in applications and on how to write programs that avoid those mistakes, using OWASP (Open Web Application Security Project) as your guide.
What you'll learn and how you can apply it
By the end of this live, hands-on, online course, you’ll understand:
- The OWASP Top 10 Vulnerabilities
- How to remove vulnerabilities in your programming practices
- How to test your programs for vulnerabilities
And you’ll be able to:
- Identify programming practices that may lead to vulnerabilities
- Explain the top 10 vulnerabilities
- Remediate identified vulnerabilities
This training course is for you because...
- You’re a programmer/developer
- You work with Java, .NET, C or other similar languages
- You want to become a security-oriented programmer
- You must have experience working in a programming language like Java, C#, C, C++, Python or other similar languages
- Read Secure Coding: Principles and Practices (book)
- Watch Secure coding practices and automated assessment tools (conference video)
- Read Securing Web Applications (report)
About your instructor
Ric Messier is an author, consultant, and educator who holds GCIH, GSEC, CEH, and CISSP certifications, and has published several books on information security and digital forensics. With decades of experience in information technology and information security, Ric has held the varied roles of programmer, system administrator, network engineer, security engineering manager, VoIP engineer, consultant, and professor. He is currently a Senior Information Security Consultant with FireEye Mandiant.
The timeframes are only estimates and may vary according to how the class is progressing
OWASP Top 10 (10 minutes)
- Presentation: OWASP tracks common programming practices that lead to security vulnerabilities. This will be a quick overview on the top 10 vulnerabilities and the programming practices that lead to them.
Input Validation (30 minutes)
- Presentation: Many vulnerabilities are ultimately a result of taking input from a user without properly ensuring it doesn’t contain unexpected values. This section will talk about practices for doing input validation.
- Exercise: Practice programming input validation techniques.
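As an added illustration of the allowlist approach this section describes (example code written for this page, not the course's own exercise material), the block below validates a two-field registration form in Python. The field names, the username rule and the age range are assumptions chosen for the example; the points it demonstrates are anchoring the pattern to the whole string, rejecting non-ASCII digits that `int()` would happily accept, and refusing fields the endpoint never asked for.

```python
import re
from dataclasses import dataclass

# Added example (not course material). Field names and rules are assumptions
# for illustration: a lowercase username and an age submitted as text.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,15}")
MIN_AGE, MAX_AGE = 13, 120
ALLOWED_FIELDS = frozenset({"username", "age"})


class ValidationError(ValueError):
    """Raised for any input that does not satisfy the allowlist rules."""


@dataclass(frozen=True)
class Registration:
    username: str
    age: int


def validate_username(raw: object) -> str:
    # Type check first: web frameworks may hand over a list for repeated params.
    if not isinstance(raw, str):
        raise ValidationError("username must be a string")
    # fullmatch anchors both ends, so "alice\n" or "alice;x" cannot slip through
    # the way they could with re.match() or a pattern ending in "$".
    if USERNAME_RE.fullmatch(raw) is None:
        raise ValidationError("username: 3-16 chars of a-z, 0-9, _; must start with a letter")
    return raw


def validate_age(raw: object) -> int:
    if not isinstance(raw, str):
        raise ValidationError("age must be a string")
    # int() alone is too lenient: it accepts " 30 ", "1_0", "+30" and non-ASCII
    # digits such as Arabic-Indic "٣٠" (which str.isdigit() also accepts).
    # Require plain ASCII digits before converting.
    if not (raw.isascii() and raw.isdigit()):
        raise ValidationError("age must consist of ASCII digits only")
    if len(raw) > 3:
        raise ValidationError("age is too long")
    age = int(raw)
    if not MIN_AGE <= age <= MAX_AGE:
        raise ValidationError(f"age must be between {MIN_AGE} and {MAX_AGE}")
    return age


def validate_registration(form: dict) -> Registration:
    """Validate a whole submission; reject fields the endpoint does not expect."""
    unexpected = set(form) - ALLOWED_FIELDS
    if unexpected:
        raise ValidationError(f"unexpected fields: {sorted(unexpected)}")
    missing = ALLOWED_FIELDS - set(form)
    if missing:
        raise ValidationError(f"missing fields: {sorted(missing)}")
    return Registration(
        username=validate_username(form["username"]),
        age=validate_age(form["age"]),
    )


if __name__ == "__main__":
    # Constructed sample submissions, one acceptable and three that must fail.
    print(validate_registration({"username": "alice_1", "age": "30"}))
    for bad in ({"username": "Alice", "age": "30"},
                {"username": "alice", "age": "٣٠"},
                {"username": "alice", "age": "30", "is_admin": "true"}):
        try:
            validate_registration(bad)
        except ValidationError as exc:
            print("rejected:", exc)
```

The third rejected submission illustrates why validation should cover the shape of the whole request and not just individual values: a field the form never offered is a sign the client is probing for mass-assignment behaviour, and dropping the request is cheaper than discovering later which model attribute it silently set.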
Access Control (30 minutes)
- Presentation: Access control is about authenticating users and then making sure they can reach the resources they legitimately need, and only those resources. This module will cover the basics of permissions and authentication, since broken access control is a top item in the OWASP Top 10.
- Break (5 minutes)
Serialization/Deserialization (25 minutes)
- Presentation: Serialization and deserialization is the process of bundling data into a structured form and then reconstructing the original data from that structured form. This module covers some of the techniques that can be used for safe serialization and deserialization.
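As an added example for this module (written for this page, not course material), the Python block below shows the two defensive techniques most relevant to the OWASP insecure-deserialization item: if a native serialization format such as `pickle` must be read at all, restrict which globals the stream may resolve; and, preferably, exchange plain data in a format like JSON and validate it field by field into a typed object. The `Order` type, its field rules and the allowlist contents are assumptions chosen for the example.

```python
import io
import json
import pickle
from dataclasses import dataclass

# Added example (not course material). Order fields and rules are assumptions.

# Globals a pickle stream is allowed to reference. Plain containers and scalars
# (dict, list, str, int, float, bool, None) are built from opcodes and never
# consult this table; anything else must be listed here explicitly.
SAFE_GLOBALS = frozenset({
    ("builtins", "set"),
    ("builtins", "frozenset"),
})


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global not on the allowlist.

    pickle.loads() imports and calls whatever callable the stream names, which
    is why untrusted pickle data is dangerous; find_class is the control point.
    """

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    """Deserialize pickle bytes, allowing only plain data structures."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


@dataclass(frozen=True)
class Order:
    item: str
    qty: int


def order_from_json(data: bytes) -> Order:
    """Preferred path: a data-only format plus explicit checks per field."""
    obj = json.loads(data)
    if not isinstance(obj, dict) or set(obj) != {"item", "qty"}:
        raise ValueError("order must have exactly the fields item and qty")
    item, qty = obj["item"], obj["qty"]
    if not isinstance(item, str) or not 1 <= len(item) <= 64:
        raise ValueError("item must be a 1-64 character string")
    # JSON "3" (string) and 3 (number) are different values, and Python's bool
    # is an int subclass, so both cases are rejected explicitly.
    if isinstance(qty, bool) or not isinstance(qty, int) or not 1 <= qty <= 1000:
        raise ValueError("qty must be an integer between 1 and 1000")
    return Order(item, qty)


if __name__ == "__main__":
    # Constructed inputs: plain data passes, a stream naming a global does not.
    print(restricted_loads(pickle.dumps({"item": "book", "qty": 3})))
    try:
        restricted_loads(pickle.dumps(range(3)))   # references builtins.range
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
    print(order_from_json(b'{"item": "book", "qty": 3}'))
```

The allowlist approach only contains the damage from a format whose semantics include "call this function"; it does not make the format a good choice for data crossing a trust boundary. The JSON path is the one to reach for first, because the parser produces nothing but data and every decision about types and ranges stays in code you wrote.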
Memory Management (25 minutes)
- Presentation: Applications may dynamically allocate memory. This module is about best practices for memory management.