Mastering the 2022 OWASP Top Ten with Jim Manico
Dive deep into the latest web application security threats with a 2-day masterclass led by Jim Manico, a globally recognized expert in secure coding and application security.
This masterclass is designed for developers, security professionals, and technical leads who want to master the 2022 OWASP Top Ten and learn effective strategies to mitigate these critical security risks.
Agenda:
Day 1: Understanding the 2022 OWASP Top Ten
Session 1: Introduction to OWASP and the 2022 Top Ten
- Overview of OWASP and its mission
- Introduction to the 2022 OWASP Top Ten: What it is and why it matters
- The impact of the Top Ten on modern web applications
Session 2: Broken Access Control (A01:2022)
- Understanding access control vulnerabilities
- Real-world examples and case studies
- Defensive coding techniques to prevent broken access control
Session 3: Cryptographic Failures (A02:2022)
- Common pitfalls in implementing cryptography
- Best practices for secure cryptographic storage and transmission
- Case studies of cryptographic failures and their impacts
Session 4: Injection (A03:2022)
- SQL, NoSQL, and command injection explained
- Real-world examples and case studies
- Defensive coding techniques to prevent injection attacks
Session 5: Insecure Design (A04:2022)
- Principles of secure software design
- Identifying and mitigating design flaws early in the SDLC
- Case studies on insecure design
Day 2: Advanced Defense Strategies for the 2022 OWASP Top Ten
Session 6: Security Misconfiguration (A05:2022)
- Common security misconfigurations and their impacts
- Best practices for secure configuration management
- Automating security configuration checks
Session 7: Vulnerable and Outdated Components (A06:2022)
- Risks of using outdated or vulnerable components
- Strategies for managing component security
- Tools and techniques for maintaining up-to-date dependencies
Session 8: Identification and Authentication Failures (A07:2022)
- Implementing robust authentication mechanisms
- Secure session management practices
- Multi-factor authentication (MFA) and its importance
Session 9: Software and Data Integrity Failures (A08:2022)
- Ensuring the integrity of software and data
- Techniques for securing software supply chains
- Real-world examples of integrity failures and mitigation strategies
Session 10: Security Logging and Monitoring Failures (A09:2022)
- Importance of effective logging and monitoring
- Best practices for logging and monitoring setup
- Incident detection and response strategies
Session 11: Server-Side Request Forgery (SSRF) (A10:2022)
- Understanding SSRF vulnerabilities
- Real-world examples and impacts of SSRF attacks
- Defensive coding and configuration practices to prevent SSRF
Takeaways:
Participants will leave this masterclass with a comprehensive understanding of the 2022 OWASP Top Ten and practical skills to secure their applications against these critical vulnerabilities. Each attendee will receive detailed course materials, hands-on labs, and a certificate of completion.
Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also an investor/advisor for KSOC, Nucleus Security, Signal Sciences, and BitDiscovery. Jim is a frequent speaker on secure software practices, is a Java Champion, and is the author of 'Iron-Clad Java - Building Secure Web Applications' from Oracle Press. Jim also volunteers for OWASP as the project co-lead for the OWASP ASVS and the OWASP Proactive Controls.