
Top ten web security controls that all developers need by Jim Manico

  • Feb 15, 2012 · 7:00 PM

This will be a joint LAPHP/LAMySQL groups meetup.

At our February meeting we will talk about web application security: what you need to know and the top 10 controls to secure your application.

Citigroup, PBS, Sega, Nintendo, Gawker, AT&T, the CIA, the US Senate, NASA, Nasdaq, the NYSE, Zynga, and thousands of others have something in common -- all have had their websites compromised in the last year. No company or industry is immune. It doesn't matter if a business is in financial services, retail, education, gaming, social networking, government, telecom, media or travel. Traditional security techniques from the world of operational or network security do not necessarily apply. Programmers need to learn to build websites differently. This talk will review the top coding techniques developers need to master in order to build a low-risk, high-security web application.


Our guest presenter will be Jim Manico, the VP of Security Architecture at WhiteHat Security. Jim provides secure coding and developer awareness training for WhiteHat using his 7+ years of experience delivering developer-training courses for SANS, Aspect Security and others. 

Jim brings 15 years of database-driven Web software development and analysis experience to WhiteHat. He has helped deliver Web-centric software systems for Sun Microsystems, Fox Media (MySpace), several Fortune 500's, and major NGO financial institutions. He holds expertise in a variety of areas, including Web-based J2EE development, thick-client and applet-based Java applications, hybrid Java, C++ and Flash applications, Web-based PHP applications, rich-media Web applications using advanced Ajax techniques, Python REST Webservice development, and Database technology using Oracle, MySQL and Postgres. A host of the OWASP Podcast Series, Jim is the committee chair of the OWASP Connections Committee and is a significant contributor to various OWASP projects. He is an original contributor and manager of the popular OWASP Cheatsheet Series.

Follow him on Twitter: @manicode. You can also follow the popular @owasp security twitter feed.

Admission is free. Refreshments and drinks will be served!


The food and drinks are generously sponsored by "Q" - an IT & Digital talent firm. "Q" specializes in networking and building relationships with IT and Digital Talent. They strive to get to know you so they can help with your career growth. They partner with various clients in the Los Angeles area and offer Contract, Contract-to-Hire and Direct Placement opportunities. Find out more at their web site:

As always, our very special thanks to Coloft for hosting us.


Street parking is usually readily available; most of the meters are free after 6pm. Please check the street signs, as some sides of the streets are permit parking only.

Give a Ride, Get a Ride

If you'd like to carpool, please post your location in the carpool thread.

Problem finding the location?

Call Oleg @[masked]


If you want to hear about upcoming tech meetups, follow the group and organizers:

Twitter: @laphp | @olegbaranovsky | @ronpeled | @joedevon
Please use these hashtags when tweeting about us:  #LAPHP 


LinkedIn | Facebook | Plancast


96 went
