Annual Computer Security Applications Conference (ACSAC) 2012

Full Program »

M3: Keeping Your Web Apps Secure: The OWASP Top 10 & Beyond

Monday, 3 December 2012
08:30 - 12:00


The Open Web Application Security Project (OWASP) Top 10 provides an overview of the most critical web application security risks. This tutorial introduces the OWASP Top 10 along with other risks, and discusses the techniques and practices to protect against them. References to software tools and other secure coding resources will also be provided. This tutorial is a must if you are developing web applications, managing developers, researching web security, or simply are a security enthusiast.

This course was sold out last year; register early!

Prerequisites. Some understanding of web application development may be helpful when discussing risk mitigation techniques.


  1. Introduction

Overview of the need for secure coding practices in web application development.

  1. The OWASP Top 10

From Injection and Cross-Site Scripting (XSS) to Insecure Cryptographic Storage and Cross-Site Request Forgery (CSRF) — we will cover OWASP's Top 10 Risks in detail — how these risks lead to vulnerabilities, and how to mitigate them.

  1. Beyond the Top 10

The Top 10 are not meant to be comprehensive, but to make developers aware of the most commonly encountered risks. Here we will cover additional risks and vulnerabilities that every web developer needs to be aware of, along with how to mitigate them.

  1. Gotchas, Pitfalls & Prevention

In addition to secure coding practices addressing potential vulnerabilities, there are still some underlying technologies that could result in unintended consequences. Learn about what these are and how to prevent them from being exploited.

  1. Web 2.0 & HTML5 Challenges

The latest web technologies present certain challenges when developing web applications. We review these challenges and how they can be addressed by applying what we know, along with a few new tricks.

  1. Security Tools & Resources

It's a half-day course, so you get lots of references to additional resources and tools.

About the Instructor:

Mr. Robert Zakon is a technology consultant and developer who has been programming web applications since the Web's infancy. In addition to developing web applications for web sites receiving millions of daily hits, he works with organizations in an interim CTO capacity, and advises corporations, non-profits and government agencies on technology, information, and security architecture and infrastructure. Robert is a former Principal Engineer with MITRE's Information Security Center, CTO of an Internet consumer portal and application service provider, and Director of a university research lab. He is a Senior Member of the IEEE, and holds BS & MS degrees from Case Western Reserve University in Computer Engineering & Science with concentrations in Philosophy & Psychology. His interests are diverse and can be explored at where his vitae is available.

Prior Feedback

Following are quotes from prior attendees of Mr. Zakon's web development security courses:

"Presented in a very structured format. Instructor knew his stuff. Good presentations."

"Very knowledgeable! Covered a lot of topics in a limited amount of time"

"The presenter was excellent. He didn't present an overload of information. The day went very quickly and I am leaving with a lot of valuable information"

"The slides were excellent - full of good code examples and explanations"

"Material that was presented was presented and covered well. Instructor is very knowledgeable"

"Handouts & presentation well organized & coordinated"

“Presenter was great.  Very knowledgeable, and did a good job giving a broad overview.”

“Speaker was dynamic and held my interest”


Powered by OpenConf®
Copyright©2002-2014 Zakon Group LLC