Holistic Info-Sec for Web Developers

Duration: full day

Wed 9th:

  • $400: 10 spaces
  • Free: 10 spaces [ CLOSED ]

Abstract

This training will be based on the contents of Kim's new book "Holistic Info-Sec for Web Developers". Paid attendees will receive a free copy of this book in PDF format.

Join Kim in exploring an insightful set of steps he has learned, from an architectural perspective down to the zeros and ones, along with insights into how attackers of your systems think.

We will also look at other tried and tested practices and processes for reducing security defects early, that is, every Sprint for each Product Backlog Item (PBI). As an architect, engineer and security specialist, Kim will uncover how to identify the lowest hanging fruit (for the attackers) by taking a holistic approach (a 30,000′ view), then homing in on the areas with the highest security ratings, based on a tried and tested threat modelling process that allows you to discover and prioritise the defects most likely to be compromised by attackers of your systems.

We are going to look at automating some of the traditional manual penetration testing methods often performed after go-live, using Security Test (Behaviour) Driven Development (STDD/SBDD), and bringing them forward to run in parallel with your development cycles (Sprints).
This empowers developers to do what was once only performed by deeply specialised security consultancies at the end of the project. It dramatically increases the confidence we as developers have in what we are delivering, and reduces the cost of change because defects are found as they are introduced rather than at go-live.

Requirements

  • Kali Linux (or something with the same tool-set) on some hardware, either physical or VM, plus tools detailed in my book.
  • Some virtualisation software able to run target .ISOs, e.g. VirtualBox or VMware.
  • Ideally (although not essential) a copy of my book to follow through if you are attending the free training.