Application Security for Developers - Digital.

About This Course

Course Code
QAAPPSEC

Course Type
Performance Plus

Vendor
Cyber

Duration
2 Days

RRP
£1,920.00


Overview

Security testing (pen testing) as an activity tends to capture security vulnerabilities at the end of the SDLC, which is often too late to influence fundamental changes in the way code is written.
We wrote this class because of the increasing need for developers to code in a secure manner. It is critical to introduce security as a quality component into the development cycle. This class aims at educating developers about various security vulnerabilities through hands-on practice using our purposely developed insecure web application which is hosted on Microsoft’s Azure platform. Throughout this class developers will be able to get on the same page with security professionals, understand their language and learn how to fix or mitigate vulnerabilities learnt during the class.

The techniques discussed in this class are mainly focused on .NET and Java technologies owing to their huge adoption in various enterprises in building web applications. However, the approach is generic and developers from other language backgrounds can easily grasp and implement the knowledge learnt within their own environments.

This class is ideal for:


N.B. This course meets the requirements of the PCI-DSS standard, specifically the mandated requirement 6.5:

Objectives

Delegates will use labs which are purposely riddled with multiple vulnerabilities. Delegates will receive demonstrations and hands-on practice of the vulnerabilities to better understand and grasp the issues, followed by various techniques and recommendations on how to go about fixing them. While the course covers industry standards such as OWASP Top 10 and common security issues, it also covers real world issues like various Business Logic and Authorisation flaws.

Course Outline

A highly-practical class that targets web developers, pen testers, and anyone else wanting to write secure code, or audit code against security flaws. The class covers a variety of the best security practices and in-depth defense approaches which developers should be aware of while developing applications. The class also covers some quick techniques which developers can use to identify various security issues throughout the code review process.

Students can access our online lab which is purposely riddled with multiple vulnerabilities. Students will receive demonstrations and hands-on practice of the vulnerabilities to better understand and grasp the issues, followed by various techniques and recommendations on how to go about fixing them. While the class covers industry standards such as OWASP Top 10 and SANS top 25 security issues, it also covers real world issues like various Business Logic and Authorization flaws.

DAY 1

Module 1: Application Security Basics
Module 2: Understanding HTTP protocol
Module 3: Security Misconfigurations
Module 4: Insufficient Logging and Monitoring
Module 5: Authentication Flaws
Module 6: Authorization Bypass
Module 7: Cross Site Scripting (XSS)

DAY 2

Module 8: Cross Site Request Forgery (CSRF)
Module 9: SQL Injection
Module 10: XML External Entity (XXE) Attacks
Module 11: Insecure File Uploads
Module 12: Deserialization Vulnerabilities
Module 13: Client Side Security
Module 14: Source Code Review
