Friday

Room 4

10:00 - 17:00 (UTC-05)

1 Day

The OWASP Top Ten for Developers

The major cause of web service and web application insecurity is insecure software development practices. This highly intensive and interactive 4-hour seminar will provide essential application security training for web application and web service developers and architects.

Security
Web

The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web and API solutions via defense-based code samples.

Our focus will be web application security basics.

  • OWASP Top Ten 2021
  • OWASP Top Ten Proactive Controls v3
  • OWASP ASVS 4.03/5.0

We'll be sure to cover all of the following categories as well:

A01:2021-Broken Access Control
A02:2021-Cryptographic Failures
A03:2021-Injection
A04:2021-Insecure Design
A05:2021-Security Misconfiguration
A06:2021-Vulnerable and Outdated Components
A07:2021-Identification and Authentication Failures
A08:2021-Software and Data Integrity Failures
A09:2021-Security Logging and Monitoring Failures
A10:2021-Server-Side Request Forgery

Pre-requisites

Familiarity with the technical details of building web applications and web services from a software engineering point of view.

Laptop Requirements

This seminar will be mostly lecture and demonstration. A laptop is not required but might be useful to take notes.

Jim Manico

Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also an investor/advisor for Nucleus Security, BitDiscovery, SecureCircle, and Inspectiv. Jim is a frequent speaker on software security practices, is a member of the Java Champion community, and is the author of "Iron-Clad Java: Building Secure Web Applications" from Oracle Press. Jim also volunteers for the OWASP Foundation as the project lead for the OWASP Application Security Verification Standard and the OWASP Cheat Sheet Series. For more information, see https://www.linkedin.com/in/jmanico.