Hands on Avatao path on Java

Track:
When: Tue Eve-2
Where: DevSecCon
Organizers: Gabor Pek, Gergo Turcsanyi, Mark Felegyhazi

What

The session runs on the Avatao platform, an online tool that offers more than 500 hands-on IT security challenges developed by experts.

Java is the language of business applications because of its robustness, ease of use and cross-platform capabilities. It’s the most prevalent language taught at universities and high schools. In this session, we will develop a web application from the beginning, focusing on the security issues in each phase of software development, from design to deployment. Participants should first analyze and exploit the vulnerabilities in the legacy application, then fix it and finally rewrite it using the Spring framework.

We strongly recommend this session if you:

* want to test and/or refresh your security knowledge
* have never heard about ReDoS or Constraint-based SQL Attacks
* want to see applications from the point of view of attackers and developers as well

Outcomes

By participating, you’ll see some interesting security issues at the design, development, testing and deployment phases of the SDLC. Hopefully you will understand why it is important to shift security as far left as possible and see how Avatao could help you achieve this.