Application Security for Developers

Security testing (pen testing) tends to catch security vulnerabilities at the end of the SDLC, which is often too late to influence fundamental changes in the way code is written.

This course is crucial because of the increasing need for developers to code in a secure manner. It is critical to introduce security as a quality component into the development cycle. This class aims at educating developers about various security vulnerabilities through hands-on practice using our purposely developed insecure web application which is hosted on Microsoft’s Azure platform. Throughout this class developers will be able to get on the same page with security professionals, understand their language and learn how to fix or mitigate vulnerabilities learnt during the class.

The techniques discussed in this class are mainly focused on .NET and Java technologies, owing to their wide adoption in enterprises for building web applications. However, the approach is generic, and developers from other language backgrounds can easily grasp the knowledge and apply it within their own environments.

Learning Objectives

Delegates will use labs which are purposely riddled with multiple vulnerabilities. Delegates will receive demonstrations and hands-on practice of the vulnerabilities to better understand and grasp the issues, followed by various techniques and recommendations on how to go about fixing them. While the course covers industry standards such as OWASP Top 10 and common security issues, it also covers real world issues like various Business Logic and Authorisation flaws.

  •   Covers the latest industry standards such as the OWASP Top 10, with practical demonstrations of vulnerabilities complemented by hands-on lab practice
  •   Insight into the latest security vulnerabilities (such as Host Header Injection, XML Entity Injection, Web-Services and API Security)
  •   Thorough guidance on the best security practices (introduction to various security frameworks, and tools and techniques for secure development)
  •   References to a real-world analogy for each vulnerability (understand and appreciate why Facebook would pay $33,000 for an XML Entity Injection vulnerability)

Course Content

A highly-practical course that targets web developers, pen testers, and anyone else wanting to write secure code, or audit code against security flaws. The course covers a variety of the best security practices and in-depth defence approaches which developers should be aware of while developing applications. The course also covers some quick techniques which developers can use to identify various security issues throughout the code review process.

Day 1

Module 1. Application Security Basics

Module 2. Understanding the HTTP protocol

Module 3. Security Misconfigurations

Module 4. Authentication Flaws

Module 5. Authorization Bypass

Module 6. Cross Site Scripting (XSS)

Day 2

Module 7. Cross Site Request Forgery (CSRF)

Module 8. SQL Injection

Module 9. XML External Entity (XXE) Attacks

Module 10. Insecure File Uploads

Module 11. Client Side Security

Module 12. Source Code Review

Module 13. Threat Modelling

Online Courses

You may prefer an online course if you are looking for a flexible and cost-effective solution. Online courses allow you to study at your own pace, at a time that suits you.

We have the following eLearning options available:

Virtual Classroom

Virtual classrooms provide all the benefits of attending a classroom course without the need to arrange travel and accommodation. Please note that virtual courses are attended in real time, commencing on a specified date.
