Tutorial

Secure Your Web Apps: OWASP Top 10 2007

Andrew van der Stock, OWASP Guide Project Lead, OWASP

Track: Security
Date: Tuesday, July 25
Time: 1:30pm - 5:00pm
Location: Portland 255

Imagine if your average motivated attacker has had enough of defacing poorly secured boxes, and instead wants to retire to the Caribbean for a life of crime and World of Warcraft. Serious money is required for such dreams.

Attacking network devices and firewalls doesn't earn this sort of money. Instead, clever attackers will choose poorly secured applications, because the application is the only technical layer that deals with money. Unluckily for us, this is also the least understood and least secured part of any system.

In this tutorial, van der Stock will take you through the ten most important web application security topics, targeting proactive steps you can take to avoid losing actual money or reputation.

There will be plenty of demos showing why the OWASP Guide 2.1 is the best way to secure applications, by using real applications seemingly untouched by this newfangled "web application security" fad.

If you want to learn how to attack web apps, this is not the course for you. If you want to learn how to write secure code and protect shareholder value, company reputation, and, of course, not lose money, this is definitely the right session.