Tailor this course for your business

Looking for a cost effective solution that adds business value? Talk to us to find out how we can customise the course for your business.

Public Courses

Dates and rates

8th Dec 2020 - £1395.00

22nd Mar 2021 - £1395.00

22nd Jun 2021 - £1395.00

11th Oct 2021 - £1395.00

All prices are excluding VAT.

Location: Remote Attendance

Book a public course now

About the course:

Our Web App Security training course is aimed at developers who need to understand the key current vulnerabilities presenting a constant threat to web-facing applications.

Poor security can cause disastrous impact to your business - loss of your own critical / sensitive data, or a breach of confidential customer information can lead to an immediate and very public loss of trust.

As well as exploring vulnerabilities and threats through practical exercises, the workshop will give you an appreciation of the vital importance of security by design.

OWASP Training

Our secure development course course also takes a good hard look at the OWASP Top Ten most critical web application security risks (and usually covers key points from the latest release candidate too).

These vulnerabilities largely affect cross-platform web technologies, and as such our course can be suitable for anyone involved in web development. Our hands-on exercises and code demonstrations are delivered with examples of JavaScript, SQL and other common exploits.

If you have a specific set of learning goals or project requirements, we can tailor the course for on-site delivery and focus for instance on your tech stack (e.g. JavaScript, .NET, Java, PHP, Scala et al).

In a nutshell Who should attend Flexible training Course Syllabus

By the end of the course, you will have learnt about:

Secure Development Lifecycle
OWASP Top 10 Threats with code examples
Crypto techniques
Fuzz testing

Who should attend

Web Developers, Testers, Software Architects, Development Managers, Technical QA Managers

Prerequisites

Experience of data-driven web development in a language such as Java, C#, VB.NET, PHP. Knowledge of JavaScript would also be useful.

Live, instructor-led online and on-site training

We appreciate that you need flexibility to fit in with new working situations - whether you're an individual, part of a distributed team, or simply have projects and deadlines to meet.

Our remote training can take place online in a virtual classroom, with content split into modules to accommodate your scheduling challenges and meet your learning goals. Get in touch today to find out how we can help design a cost-effective, flexible training solution.

As soon as it's safe, we'll return to also offering the on-site custom training courses and programmes upon which we've built our reputation.

Introduction to Application Security

What is Application Security and why is it so important?
What does it mean to *your* business?

SDL in depth

Analysing security and privacy risk
Attack surface analysis
Threat Modeling
Identifying the right tools
Enforcing banned functions
Static analysis
Dynamic / Fuzz Testing
Response Plan
Final Security Review

Hands-on with the OWASP Top 10 2017 Web Application Security Risks

We keep up to date with the latest OWASP Top Ten vulnerabilities.

A1:2017-Injection
A2:2017-Broken Authentication
A3:2017-Sensitive Data Exposure
A4:2017-XML External Entities (XXE)
A5:2017-Broken Access Control
A6:2017-Security Misconfiguration
A7:2017-Cross-Site Scripting (XSS)
A8:2017-Insecure Deserialization
A9:2017-Using Components with Known Vulnerabilities
A10:2017-Insufficient Logging & Monitoring

Beyond OWASP

Data Protection Mechanisms (crypto and more)
Fuzz testing and other tools
Click jacking
Response Splitting
CWE/SANS Top 25 Most Dangerous Software Errors
Exploiting authentication
Language issues
Data devaluation
Tokenisation solutions
Auditing and Logging Solutions

Summary

Applying what you’ve learnt in the real world.
Understanding the business impact of insecure software.

"Trainer was great. Good examples to situations provided."

Web App Security and OWASP Training Course
NM, Testing Lead
UK GIS specialist - name withheld

"Stuart gave a great presentation and the training was highly thought-provoking. "

Web App Security and OWASP Training Course
RJ, Business Analyst
Jato

"The charismatic trainer kept the audience's attention."

Web App Security and OWASP Training Course
JW, Business Analyst
Jato

"The course had a good pace and the trainer was able to keep the content interesting."

Web App Security and OWASP Training Course
JP, Business Analyst
Jato

"Some really useful things to think on - real life examples really helped put the content in context."

Web App Security and OWASP Training Course
KC, Lead Software Developer
UK consultancy (risk, pensions, investment and insurance) - name withheld

Web App Security and OWASP Training Course

Course overview

Tailor this course for your business

Public Courses

About the course:

OWASP Training

By the end of the course, you will have learnt about:

Who should attend

Prerequisites

Live, instructor-led online and on-site training

Introduction to Application Security

SDL in depth

Hands-on with the OWASP Top 10 2017 Web Application Security Risks

Beyond OWASP

Summary

We would love to hear from you

Web App Security and OWASP Training Course

Course overview

Tailor this course for your business

Public Courses

About the course:

OWASP Training

By the end of the course, you will have learnt about:

Who should attend

Prerequisites

Live, instructor-led online and on-site training

Introduction to Application Security

SDL in depth

Hands-on with the OWASP Top 10 2017 Web Application Security Risks

Beyond OWASP

Summary

Related courses

We would love to hear from you