Application Security Page 26 of 45

The OWASP mobile top 10 list for applications is also under development. Encoding and escaping plays a vital role in defensive techniques against injection attacks.

The section starts off with the topic of deserialization security issue which is quickly rising to be a common attack amongst modern applications. We also cover the topic of DNS rebinding which lingers in the application world since practically the beginning of web applications. The focus then shift over to REST API and GraphQL API based Web services and APIs where these technologies exist in every modern applications and have lots of potential security pitfalls. We then extend the discussion into microservices architecture and the security implications of this modern architecture. Across all these technology topics we cover the common attacks and the current best practices in keeping them secure.

Protect sensitive data

Imagine you have just been hired by Luxor Inn and Suites, Inc., to join their software development team. The Director of Hotel Operations has commissioned a project for the team to develop an automated reservation system. Attendees will also get a DevSecOps-Lab used during the course. Dave van Stein is security and privacy consultant and DevOps enthusiast at Xebia. Acting as trainer, mentor, coach, and technical consultant he helps clients achieving a higher maturity level by integrating security and privacy controls into the Agile and DevOps way of working. If you want to remember something you can’t escape the rehearsal.

How do I download OWASP?

  1. Launch the installation wizard by double clicking on the downloaded executable file.
  2. Read the License agreement and click 'Accept' to continue the installation.
  3. Select 'Standard' or 'Custom' installation.
  4. Click 'Finish' to exit set up.

The OWASP Top Ten Proactive Controls describes the most important control and control categories that every architect and developer should absolutely, 100% include in every project. The OWASP Foundation, a 501 non-profit organization in the US established in 2004, supports the OWASP infrastructure and projects. Since 2011, OWASP is also registered as a non-profit organization in Belgium under the name of OWASP Europe VZW. Interpreting threats and providing actionable offensive and defensive best practices. Which provide additional guidance on how to embed security activities in agile organizations.

Other Decks in Programming

As automation is becoming a critical element of the development process, infrastructure and development components are built and maintained through configuration. The management of these configurations is crucial to the security of the application.

Coding functions and services to engage with front-end apps. Nithin was a trainer and speaker at events like AppSecDC-2019, owasp top 10 proactive controls AppSecUS-2018, SHACK-2019, AppSecCali-2019, DefCon-2019, BlackHat USA 2019, AppSecCali-2020 and many more.