AppSec California 2020, January 21-24 at the Annenberg Beach House, Santa Monica, CA
Wednesday, January 22 • 9:00am - 5:00pm
Building Secure API's and Web Applications [Day 2 of 2]

Course Abstract
The major cause of webservice and web application insecurity is insecure software development practices. This highly intensive and interactive 2-day course provides essential application security training for web application and webservice developers and architects.


The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.


As part of this course, we will explore the use of third-party security libraries and frameworks to speed and standardize secure development. We will highlight production quality and scalable controls from various languages and frameworks. This course will include secure coding information for Java, PHP, Python, JavaScript, and .NET programmers, but any software developer building web applications and webservices will benefit.


Student Requirements: Familiarity with the technical details of building web applications and web services from a software engineering point of view.


Laptop Requirements: Any laptop that can run an updated web browser and "Burp Community Edition".


The course will include several hacking and secure coding labs!


Syllabus
Day 2 of the course will focus on API secure coding, Identity, and other advanced topics:

- Webservice, Microservice and REST Security
- Authentication and Session Management
- Access Control Design
- OAuth 2 Security
- OpenID Connect Security
- HTTPS/TLS Best Practices
- 3rd Party Library Security Management
- Application Layer Intrusion Detection

Speakers
Jim Manico

Founder, Manicode Security
Jim Manico is the founder of Manicode Security, where he specializes in training software developers on secure coding and security engineering. He is actively involved in multiple ventures, serving as an investor/advisor for companies like SemGrep, Nucleus Security, Defect Dojo, KSOC...


Wednesday January 22, 2020 9:00am - 5:00pm PST
Club Room