Securing Legacy Software (Online)
Description
In this workshop, participants practice a systematic approach to addressing security in legacy software through hands-on exercises on a larger application written in Java.
Maintenance often takes up the largest part of a software’s life cycle. In larger organizations, it is not uncommon to have to take over the maintenance of software that you have not written yourself. Especially in the context of so-called legacy systems, developers will often encounter the problem that the issue of security played no or only a subordinate role in the original implementation. However, if the application has to be operated over a longer period of time, possibly even under different operating conditions, e.g. due to a migration to the cloud, the security aspect must be addressed in greater depth.
Agenda
09:00 - 17:30 (incl. 1h lunch break and 4 x 10-15 minute breaks)
- Getting to know the example application
- Identification of security-relevant points in (unknown) software
- Creation of an initial threat model
- Detecting security vulnerabilities in the source code
- Use of automated security testing and security scanners
Your Trainers
Christoph Iserlohn
INNOQ
Scalability and security, host of INNOQ’s Security Podcast
- Flexible architectures
- OWASP Top Ten in practice
- Securing legacy software
- Web Security
Christoph Iserlohn is a senior consultant at INNOQ. He has many years of experience in the development and architecture of distributed systems. His main focus is on the topics of scalability, availability, and security.