Tomorrow I leave for India to conduct a workshop at IIT Guwahati, a prestigious Indian university. I was invited by Vivek Ramachandran of Security Tube fame to lecture and provide a workshop on information security for ISEA (Indian Security Education & Awareness) which is a project organised by the Department of Information Technology of the Government of India.
The purpose of ISEA is to improve understanding of IT security, so my first thought was that the OWASP Top 10 Risks is perfect for this, so I’m going to explain the new 2010 release candidate list.
Here’s my talk abstract:
Introduction to web hacking. Information on how to detect, prevent and exploit the top ten most
common web vulnerabilities as specified by OWASP (Open Web Application Security Project). Practical
attack scenarios and demonstrations will be given for each of the classes of vulnerability. The 2010
OWASP Top 10 vulnerability classes are injection, cross site scripting (XSS), broken authentication
and session management, insecure direct object references, cross site request forgery (CSRF),
security misconfiguration, failure to restrict URL access, unvalidated redirects and forwards,
insecure cryptographic storage, insufficient transport layer protection. Examples will be given in
PHP because it is the most common web language.
Interestingly enough, IIT is the Indian university joked about in the Dilbert cartoons; here’s a sample: