Java Web Application Secure Coding Workshop
2019-10-22, 13:15–16:15, Fischbach

Context-dependent output encoding? Prepared statements with bind variables? Disabling external entity resolution? Storing passwords as salted hashes? If you are involved in Java development, come to my workshop and we will see together why these matter from a security perspective!

Most vulnerabilities can be prevented by following secure coding best practices from the start of development. Contrary to common belief, this does not make development more complex or slower. Secure coding becomes expensive when it is an afterthought and you try to retrofit it onto an existing project.

This workshop is meant for developers and security professionals alike. It is delivered by an information security professional with the purpose of demystifying web application secure coding.

During this hands-on workshop, we are going to see not only how common web application vulnerabilities can be prevented, but also common mitigation mistakes and why they are ineffective. Together we will fix real-life vulnerabilities including, but not limited to:
- SQL injection (SQLi);
- XML external entity injection (XXE);
- Cross-site scripting (XSS);
- Cross-site request forgery (CSRF);
- Authentication and authorization issues.
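To give a taste of the kind of fixes covered, here is an added example (not material from the workshop itself) showing three of the techniques named above in plain JDK Java: a string-concatenated query beside its prepared-statement version with a bind variable, a DocumentBuilderFactory with external entity resolution disabled, and salted PBKDF2 password hashing with a constant-time verify. The class name, the `users` table, the column names and the XXE payload string are all assumptions made for the illustration; context-dependent output encoding is left out because it needs a library beyond the JDK.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

// Hypothetical class written for this example; the table and column names are assumed.
public class SecureCodingExamples {

    // VULNERABLE: user input becomes part of the SQL text, so a username such as
    //   ' OR '1'='1
    // changes the structure of the query instead of being treated as a value.
    static ResultSet findUserUnsafe(Connection conn, String username) throws SQLException {
        Statement st = conn.createStatement();
        return st.executeQuery("SELECT id, email FROM users WHERE name = '" + username + "'");
    }

    // FIXED: the query text is fixed when the statement is prepared; the value is
    // passed as a bind variable and can never be parsed as SQL.
    static ResultSet findUserSafe(Connection conn, String username) throws SQLException {
        PreparedStatement ps = conn.prepareStatement("SELECT id, email FROM users WHERE name = ?");
        ps.setString(1, username);
        return ps.executeQuery();
    }

    // FIXED: a parser factory that refuses DOCTYPEs and, as defence in depth, every
    // path by which external entities or DTDs could still be loaded.
    static DocumentBuilderFactory hardenedXmlFactory() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf;
    }

    private static final int PBKDF2_ITERATIONS = 310_000;
    private static final int HASH_BITS = 256;

    // Salted hash: a fresh random salt per password, stored next to the hash as "salt:hash".
    static String hashPassword(char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return Base64.getEncoder().encodeToString(salt) + ":"
                + Base64.getEncoder().encodeToString(pbkdf2(password, salt));
    }

    static boolean verifyPassword(char[] password, String stored) throws Exception {
        String[] parts = stored.split(":", 2);
        byte[] salt = Base64.getDecoder().decode(parts[0]);
        byte[] expected = Base64.getDecoder().decode(parts[1]);
        // MessageDigest.isEqual compares in constant time, avoiding a timing side channel.
        return MessageDigest.isEqual(expected, pbkdf2(password, salt));
    }

    private static byte[] pbkdf2(char[] password, byte[] salt) throws Exception {
        KeySpec spec = new PBEKeySpec(password, salt, PBKDF2_ITERATIONS, HASH_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        // Constructed XXE payload: the hardened factory rejects it at the DOCTYPE.
        String xxe = "<?xml version=\"1.0\"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM \"file:///etc/passwd\">]>"
                + "<foo>&xxe;</foo>";
        try {
            hardenedXmlFactory().newDocumentBuilder()
                    .parse(new ByteArrayInputStream(xxe.getBytes(StandardCharsets.UTF_8)));
            System.out.println("parsed (unexpected)");
        } catch (SAXException e) {
            System.out.println("XXE payload rejected: " + e.getMessage());
        }

        String stored = hashPassword("correct horse".toCharArray());
        System.out.println("verify correct : " + verifyPassword("correct horse".toCharArray(), stored));
        System.out.println("verify wrong   : " + verifyPassword("wrong".toCharArray(), stored));
    }
}
```

The two `findUser` methods are not called from `main` because they need a live JDBC connection; they are there to show the before/after side by side. Note that with `disallow-doctype-decl` enabled, any document carrying a DOCTYPE is rejected, which is the intended behaviour for input from untrusted parties.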

We are going to use Java, without putting too much emphasis on framework-specific aspects.

Technical requirements for the workshop:
- A laptop with at least 8 GB of RAM and 40-50 GB of free disk space.
- VMware Workstation, VMware Fusion or VMware Player installed.