About the course:
Our Web App Security training course is aimed at developers who need to understand the key current vulnerabilities presenting a constant threat to web-facing applications.
Poor security can have a disastrous impact on your business: the loss of your own critical or sensitive data, or a breach of confidential customer information, can lead to an immediate and very public loss of trust.
As well as exploring vulnerabilities and threats through practical exercises, the workshop will give you an appreciation of the vital importance of security by design.
OWASP Training
Our secure development course also takes a good hard look at the OWASP Top Ten most critical web application security risks (and usually covers key points from the latest release candidate too).
These vulnerabilities largely affect cross-platform web technologies, and as such our course can be suitable for anyone involved in web development. Our hands-on exercises and code demonstrations are delivered with examples of JavaScript, SQL and other common exploits.
If you have a specific set of learning goals or project requirements, we can tailor the course for on-site delivery and focus for instance on your tech stack (e.g. JavaScript, .NET, Java, PHP, Scala et al).
By the end of the course, you will have learnt about:
- Secure Development Lifecycle
- OWASP Top 10 Threats with code examples
- Crypto techniques
- Fuzz testing
Who should attend
Web Developers, Testers, Software Architects, Development Managers, Technical QA Managers
Prerequisites
Experience of data-driven web development in a language such as Java, C#, VB.NET, PHP. Knowledge of JavaScript would also be useful.
Live, instructor-led online and on-site training
We appreciate that you need flexibility to fit in with new working situations - whether you're an individual, part of a distributed team, or simply have projects and deadlines to meet.
Our remote training can take place online in a virtual classroom, with content split into modules to accommodate your scheduling challenges and meet your learning goals. Get in touch today to find out how we can help design a cost-effective, flexible training solution.
As soon as it's safe, we'll also return to offering the on-site custom training courses and programmes upon which we've built our reputation.
Introduction to Application Security
- What is Application Security and why is it so important?
- What does it mean to *your* business?
SDL in depth
- Analysing security and privacy risk
- Attack surface analysis
- Threat Modeling
- Identifying the right tools
- Enforcing banned functions
- Static analysis
- Dynamic / Fuzz Testing
- Response Plan
- Final Security Review
Hands-on with the OWASP Top 10 2017 Web Application Security Risks
We keep up to date with the latest OWASP Top Ten vulnerabilities.
- A1:2017-Injection
- A2:2017-Broken Authentication
- A3:2017-Sensitive Data Exposure
- A4:2017-XML External Entities (XXE)
- A5:2017-Broken Access Control
- A6:2017-Security Misconfiguration
- A7:2017-Cross-Site Scripting (XSS)
- A8:2017-Insecure Deserialization
- A9:2017-Using Components with Known Vulnerabilities
- A10:2017-Insufficient Logging & Monitoring
Beyond OWASP
- Data Protection Mechanisms (crypto and more)
- Fuzz testing and other tools
- Clickjacking
- Response Splitting
- CWE/SANS Top 25 Most Dangerous Software Errors
- Exploiting authentication
- Language issues
- Data devaluation
- Tokenisation solutions
- Auditing and Logging Solutions
Summary
- Applying what you’ve learnt in the real world.
- Understanding the business impact of insecure software.