Tutorial T6 – Keeping Your Web Apps Secure: The OWASP Top 10 & Beyond

Mr. Robert H'obbes' Zakon, Zakon Group LLC

Tuesday, December 7th, Half Day

The Open Web Application Security Project (OWASP) Top 10 provides an overview of the most critical web application security risks. This tutorial introduces the OWASP Top 10 (2010 edition) along with other risks, and discusses the techniques and practices that protect against them. References to software tools and other secure coding resources will also be provided. This tutorial is a must if you are developing web applications, managing developers, researching web security, or are simply a security enthusiast.


  1. Introduction. Overview of the need for secure coding practices in web application development.
  2. The OWASP Top 10. From Injection and Cross-Site Scripting (XSS) to Insecure Cryptographic Storage and Cross-Site Request Forgery (CSRF), we will cover OWASP's Top 10 Risks in detail: how each risk leads to vulnerabilities, and how to mitigate them.
  3. Beyond the Top 10. The Top 10 are not meant to be comprehensive, but to make developers aware of the most commonly encountered risks. Here we will cover additional risks and vulnerabilities that every web developer needs to be aware of, along with how to mitigate them.
  4. Gotchas, Pitfalls & Prevention. Even with secure coding practices that address known vulnerabilities, some underlying technologies can still behave in unintended ways. Learn what these are and how to prevent them from being exploited.
  5. Security Tools & Resources. It's a half-day course, so you get lots of references to additional resources and tools.


Some understanding of web application development may be helpful when discussing risk mitigation techniques.

About the Instructor

Mr. Robert Zakon is a technology consultant and developer who has been programming web applications since the Web's infancy, over 15 years ago. In addition to developing web applications for web sites receiving millions of daily hits, he works with organizations in an interim CTO capacity, and advises corporations, non-profits and government agencies on technology, information, and security architecture and infrastructure. Robert is a former Principal Engineer with MITRE's infosec group, CTO of an Internet consumer portal and application service provider, and Director of a university research lab. He is a Senior Member of the IEEE, and holds BS & MS degrees from Case Western Reserve University in Computer Engineering & Science with concentrations in Philosophy & Psychology. His interests are diverse and can be explored at www.Zakon.org.

Prior Feedback

Following are quotes from prior attendees of Mr. Zakon's web development security tutorials:

"Presented in a very structured format. Instructor knew his stuff. Good presentations."

"Very knowledgeable! Covered a lot of topics in a limited amount of time."

"The presenter was excellent. He didn't present an overload of information. The day went very quickly and I am leaving with a lot of valuable information."

"The slides were excellent - full of good code examples and explanations."

"Material that was presented was presented and covered well. Instructor is very knowledgeable."

"Handouts & presentation well organized & coordinated."