Our Web App Security training course is aimed at developers who need to understand the key current vulnerabilities presenting a constant threat to web-facing applications.
Poor security can cause disastrous impact to your business - loss of your own critical / sensitive data, or a breach of confidential customer information can lead to an immediate and very public loss of trust.
As well as exploring vulnerabilities and threats through practical exercises, the workshop will give you an appreciation of the vital importance of security by design.
OWASP Training
Our secure development course course also takes a good hard look at the OWASP Top Ten most critical web application security risks (and usually covers key points from the latest release candidate too).
These vulnerabilities largely affect cross-platform web technologies, and as such our course can be suitable for anyone involved in web development. Our hands-on exercises and code demonstrations are delivered with examples of JavaScript, SQL and other common exploits.
If you have a specific set of learning goals or project requirements, we can tailor the course for on-site delivery and focus for instance on your tech stack (e.g. JavaScript, .NET, Java, PHP, Scala et al).
By the end of the course, you will have learnt about:
- Secure Development Lifecycle
- OWASP Top 10 Threats with code examples
- Crypto techniques
- Fuzz testing
Who should attend
Web Developers, Testers, Software Architects, Development Managers, Technical QA Managers
Prerequisites
Experience of data-driven web development in a language such as Java, C#, VB.NET, PHP. Knowledge of JavaScript would also be useful.
On-site Secure Application Development Training
If you would like to discuss custom / on-site Secure Web App Development training for any size of team or development platform, please get in touch – we would be glad to help build a course that meets your learning requirements.
We can take into account your existing technical skills, project requirements and timeframes, and specific topics of interest to tailor the most relevant and focussed course for you.
This can be particularly useful if you need to learn just the new features and Web App security Best Practices, or need to include extra topics to help with pre-requisite skills.
A number of clients have also asked for discussion about the security of SCADA and other Industrial Control Systems which we’re more than happy to cover. Please let us know your requirements and we will do everything we can to accommodate them.
Introduction to Security
- What is Security and why does it matter?
SDL in depth
- Analysing security and privacy risk
- Attack surface analysis
- Threat Modeling
- Identifying the right tools
- Enforcing banned functions
- Static analysis
- Dynamic / Fuzz Testing
- Response Plan
- Final Security Review
Hands-on with the OWASP 2017 Top 10 Web Application Security Risks
-
A1 - Injection
-
A2 - Broken Authentication
-
A3 - Sensitive Data Exposure
-
A4 - XML External Entities (XXE)
-
A5 - Broken Access Control
-
A6 - Security Misconfiguration
-
A7 - Cross-Site Scripting (XSS)
-
A8 - Insecure Deserialization
-
A9 - Using Components with Known Vulnerabilities
-
A10 - Insufficient Logging & Monitoring
Beyond OWASP
- Data Protection Mechanisms (crypto and more)
- Fuzz testing and other tools
- Click jacking
- Response Splitting
- CWE/SANS Top 25 Most Dangerous Software Errors
- Exploiting authentication
- Language issues
- Data devaluation
- Tokenisation solutions
- Auditing and Logging Solutions
Summary
- Applying what you’ve learnt in the real world.
- Understanding the business impact of insecure software.
"Some really useful things to think on - real life examples really helped put the content in context."
Web App Security and OWASP Training Course
KC, Lead Software Developer
UK consultancy (risk, pensions, investment and insurance) - name withheld
