Application Security for Developers
-
COURSE DATES AND LOCATIONS
DATE
Duration
LOCATION
FEES
Book Now
-
INTRODUCTION
This course will familiarize you with the common vulnerabilities that plague developed code as outlined in publications like the OWASP Top 10 and SANS Top 25. You will understand what type of development behaviors lead to vulnerabilities and how to avoid those behaviors when creating secure code. You will learn how to perform a threat model on development features to understand what threats could impact your code, where they come from and how to mitigate them. You will also review and operate analysis tools that are available to developers in order to analyze their code and discover vulnerabilities, allowing you to correct them early in the development life cycle. Finally you will understand how application security fits in an overall cyber security program.
-
COURSE OBJECTIVES
The course is suitable for programmers, project managers or software architects and provides indications on the methodological bases, standards (as Owasp best practices) and tools for developing secure code, avoiding the inclusion of bugs or vulnerabilities in the programs. Various practical workshops are carried out to support the theoretical treatment, which show the use of the tools and the mitigation of some of the vulnerabilities most frequently found in web or desktop applications.
Offers thorough guidance on best security practices for secure application development (Introduction to various security frameworks and tools and techniques).
By the end of the course, you‘ll be able to:
- Covers industry standards such as OWASP top 10 application vulnerabilities with a practical demonstration of vulnerabilities complemented with hands-on lab practice.
- Provides insights into the latest security vulnerabilities (such as host header injection, XML external entity injection, attacks on JWT tokens, deserialization vulnerabilities).
-
COURSE AUDIENCE
This course is made for :
- Software developers interested in developing more secure software.
- Security practitioners
- Software and security engineering leaders
- Cyber security professionals
-
COURSE OUTLINE
Day One
-
Learn how to become an application security champion.
-
What is the OWASP Top 10 and how to defend against those vulnerabilities.
-
Use of threat modeling to identify threats and mitigation in development features.
-
How to perform a threat model on an application.
-
How to perform a vulnerability scan of an application.
-
Rating security vulnerabilities using standard and open processes.
-
How to correct common security vulnerabilities in code.
-
How application security fits in an overall cyber security program
-
Building security in to the software development life cycle.
Day Two
- Introduction of information security scenario.
- Primer on Web Application Security.
- Common Threats and Vulnerabilities in Web application.
- Breaking the network into Web, Application and Database.
Day Three
Common attacks at Web end.
-
- Cross-site scripting
- Parameter tampering
- Cookie poisoning
- Input manipulation
- Buffer overflow
- Direct access browsing
- Denial of Service
- Cross Site Request Forgery (CSRF)
- Insecure configuration flaws.
- Directory traversal
- Handling exception
Day Four
Common attacks at the Application end.
-
- Broken Authentication & Session Management
- Denial of Service
- Directory traversal
- Race Conditions
- Input Validation
- Improper handling of error messages.
Day Five
- Common attacks at Database end including Code Injection Flaws / Sql Injection
- Hands on simulation on common web application attack scenarios.
