Ok great, what will we cover?

Ok, So what will we cover?

1. Web Services, RESTful APIs, and SOA
2. Software Engineering: Architecting and design
3. Software project management and Team dynamics
4. Client-side application development
5. Server-side API Creation
6. Application Pen Testing
7. Hardening and secure coding in the SDLC

Icebreaker

The Cup-stack Challenge

Ok, so what did we learn here?

1. Stacking cups is hard
2. Teamwork is a give and take
3. Collective vision is essential for success
4. Building software in a team isn't all that different - each of you have different visions and try to make those visions a reality. It only works when everyone learns what their pull is.
5. Pull requests puns are a real thing. 
6. Dr. Hale loves puns and will continue to use them unashamedly 

Part1: Class Overview

GITHUB - Learn it and Love it

Class Repo: https://github.com/mlhale/CYBR8470

Slick version: mlhale.github.io/CYBR8470

We Will be using it a lot

Canvas - For Grades

Slack

Part2: Web Apps 101

(nearly) All companies have a web app

You probably use them, daily.

As a user, you expect web apps to be:

fast, responsive, always available, and secure

Despite your expectations:

96% of web apps have vulnerabilities*

 Cenzic Application Vulnerability Trends report, 2014

*...at the application Level!

* Cenzic Application Vulnerability Trends report, 2014

Basic Web App attack Principle

...make the web application do something it was never intended to do.

aka...user input is evil.

EX: XSS

Allows attackers to inject malicious scripts into web pages and have it executed in another user’s browser. Usually to capture some user information.

EX: XSS Defense

• Filter and validate all user input before accepting it.
• Encode and escape special characters as HTML.
• Never trust user input or display raw submissions.

Problematic Characters

We will REturn to XSS

Part3: HTTP and REST Overview

Hands-on lesson: https://mlhale.github.io/CYBR8470/modules/restful-api/