BUILDING SECURE OWASP-JSP APPLICATIONS

Using the OWASP Top Ten list, this course explains each vulnerability, provides samples of the flaw, provides solutions to protect the application, and provides tests to check site security.

Overview

This course guides the participant through the top ten security vulnerabilities of JSP websites.

This course involves hands-on demonstrations and labs.

Audience

Participants should be experienced JSP developers.

Length

16 hours

Outline

Overview of the OWASP Project

  • Top Ten
    1. Cross Site Scripting
    2. Injection Flaws
    3. Malicious File Execution
    4. Insecure Direct Object Reference
    5. Cross Site Request Forgery
    6. Information Leakage and Improper Error Handling
    7. Broken Authentication and Session Management
    8. Insecure Cryptographic Storage
    9. Insecure Communications
    10. Failure to Restrict URL Access
  • Input Validation Best Practices
  • Conclusion