[SC-L] Building Secure Web Applications Training in Minneapolis

[Gunnar Peterson]

Ken van Wyk and I are teaching Building Secure Web Applications in Java/J2EE in 
Minneapolis, September 30 - October 2. The summary is below, if you would like 
more info please let me know. More details to follow.

Building Secure Web Applications in Java/J2EE

Course Description
This course teaches the students how to develop secure applications from the web 
front end through the middle tier and data and integration layers for today’s 
complex internetworked environment.  Students will receive a deep and thorough 
understanding of the most prevalent and dangerous security defects in today’s 
applications, and what to do about them.  Additionally, they will learn 
practical and actionable guidelines on how to remediate against these common 
defects in Java/J2EE and Web Services frameworks and how to test for them in 
their own applications.

This class starts with a description of the security problems faced by today's 
software developer, as well as a detailed description of the Open Web 
Application Security Project’s (OWASP) “Top 10” security defects.  These defects 
are studied in instructor-lead sessions as well as in hands-on lab exercises in 
which each student learns how to actually exploit the defects to “break into” a 
real web application.  (The labs are performed in safe test environments.)

Remediation techniques and strategies are then studied for each defect. 
Practical guidelines on how to integrate secure development practices into the 
software development process are then presented and discussed. Bring the 
concepts and hands on learning together, the class uses a case study to show how 
to design and architect security services for a real world application.

Intended Audience
The ideal student for this tutorial is a hands-on web application developer or 
architect who is looking for a fundamental understanding of today's best 
practices in secure software development.