Course Code:
seccoding
Duration:
21 hours
Overview:
Training aim is to provide developers with an understanding of the web apps weaknesses and vulnerabilities, how they manifest themselves, how hackers find them and what the impact can be and then, most importantly, we explain how to code defensively to prevent these weaknesses. We explain what works and what does not and some common issues we encounter during our penetrating testing engagements.
Course Outline:
Introduction to Application Security
- What is Application Security and why is it so important?
- What does it mean to *your* business?
SDL in depth
- Analysing security and privacy risk
- Attack surface analysis
- Threat Modelling
- Identifying the right tools
- Enforcing banned functions
- Static analysis
- Dynamic / Fuzz Testing
- Response Plan
- Final Security Review
Hands-on with the OWASP Top 10 2021 Web Application Security Risks
We keep up to date with the latest OWASP Top Ten vulnerabilities.
- A01:2021-Broken Access Control
- A02:2021-Cryptographic Failures
- A03:2021-Injection
- A04:2021-Insecure Design
- A05:2021-Security Misconfiguration
- A06:2021-Vulnerable and Outdated Components
- A07:2021-Identification and Authentication Failures
- A08:2021-Software and Data Integrity Failures
- A09:2021-Security Logging and Monitoring Failures
- A10:2021-Server-Side Request Forgery
Beyond OWASP
- Data Protection Mechanisms (crypto and more)
- Fuzz testing and other tools
- Click jacking
- Response Splitting
- CWE/SANS Top 25 Most Dangerous Software Errors
- Exploiting authentication
- Language issues
- Data devaluation
- Tokenisation solutions
- Auditing and Logging Solutions
Summary
- Applying what you have learnt in the real world.
- Understanding the business impact of insecure software.