AppSec Training for Developers
This two-day course was developed on account of the increasing need for developers to code in a safe way.
In this two-day, practical, advanced course, participants will gain an understanding of the security vulnerabilities in applications, including the industry-standard OWASP Top 10 list, and learn strategies to defend against them.
The course is now available as live online training and can be held for you individually or for your company. Contact us below with your requirements.
At the end of the course, participants will be able to:
- Understand the OWASP Top 10 with the help of practical demonstrations and deep insights,
- Understand the financial implications of various vulnerabilities,
- Set up a system with continuous security monitoring,
- Identify and resolve security vulnerabilities much earlier in the SDLC process to save time, effort and costs.
Course participants receive:
- In addition to the various tools and content from the course, participants will also receive seven-day lab access where they can practice all the exercises/demos shown during the course.
For security and IT decision-makers
What impact does a training course by Claranet Cyber Security really have on your team?
Make your company a less attractive target for attackers by building a team that is capable of writing code which is resistant to complex, modern attacks without losing any company functionality or development speed. At the end of the course, participants will be able to:
- Write secure application code that can resist a variety of OWASP Top 10 web-based attacks,
- Understand how attackers identify vulnerabilities in code and the implications of this so that they can adopt more secure ways of working,
- Identify and alleviate security vulnerabilities at an earlier stage of the development cycle,
- Understand the commercial impact of application security and communicate this to key stakeholders,
- Take on more responsibility in the team,
- Become an advocate for security throughout the company.
Pentesting (security testing) as an activity tends to catch security vulnerabilities at the end of the SDLC, and by then it is often too late to be able to make any fundamental changes to the way the code is written.
This course was written by developers who are pentesters themselves and can help other developers to program securely, as it is crucial to include security as a quality component in the development cycle.
During this course, developers will be able to engage with security experts, understand their language, learn how to fix or alleviate vulnerabilities they learned about during the course, and become familiar with some real-world security breaches, like the Equifax data breach in September 2017. A range of bug bounty case studies from popular websites like Facebook, Google, Shopify, PayPal, Twitter, etc. will be discussed to explain the financial implications of security vulnerabilities in applications such as SSRF, XXE, SQL injection, authentication issues, and so on.
The techniques discussed in the course focus mainly on .NET, Java and NodeJS technologies, as these are widely used in web application development in various companies. However, the approach is kept generic so that developers of other languages can easily grasp the material they have learned and implement it in their own environment.
Participants have to take part in a CTF where they identify vulnerabilities in code snippets from real applications.
Module 1 - Application Security Basics
Module 2 - Understanding the HTTP Protocol
Module 3 - Security Misconfigurations
Module 4 - Insufficient Logging and Monitoring
Module 5 - Authentication Flaws
Module 6 - Authorization Bypass Techniques
Module 7 - Cross Site Scripting (XSS)
Module 8 - Cross-Site Request Forgery Scripting (CSRF)
Module 9 - Server Side Request Forgery(SSRF)
Module 10 - SQL Injection
Module 11 - XML External Entity (XXE) Attacks
Module 12 - Insecure File Uploads
Module 13 - Deserialization Vulnerabilities
Module 14 - Client-Side Security Concerns
Module 15 - Source Code Review
Module 16 - DevSecOps
Who Should Take This Class?
This course is ideal for Web/API developers who work day-in-day out building full-stack web applications or web APIs. Anyone who is looking to develop a skill-set into web application security and is looking to identify web application flaws will also benefit from this course.
Delegate Requirements
Delegates need to have a basic understanding of how web applications work with an added advantage for those who currently develop web applications. This training is a programming language agnostic. A Laptop with minimum 4 GB RAM and 1 GB of extra space is also required.
Course Information