QA-QAAPPSEC

Ladda ner som PDF

Application Security for Developers

Application Security for Web Developers: A 2 day highly-practical course that targets web developers, security auditors, penetration testers, security managers and anyone else who would like to learn about writing secure code or to audit code against security flaws. The course covers each and every vulnerability in-depth and discusses a variety of the best security practices and defence-in-depth approach which developers should keep in mind while developing applications.

The attendees will be provided access to infrastructure on which they will be practicing to identify vulnerable code and subsequently discuss patching approaches. While the course covers industry standards such as OWASP Top 10 and SANS top 25 security issues, it also talks about real world issues which don't find a mention in these lists. The course does not focus on any particular web development language or technology but focuses on the principles. It includes examples from PHP, .NET, classic ASP and Java.

Prior knowledge

Delegates will have attended the Introduction to Digital Investigations course (QAIDIGINV) or have sufficient practical experience of evidential capture.

Intended Audience:

  • Software/Web developers
  • PL/SQL developers
  • Penetration Testers
  • Security Auditors
  • Administrators and DBAs
  • Security Managers

Objectives:

  • Covers latest industry standards such as OWASP Top 10 (2013)
  • Insight into latest security vulnerabilities (such as mass assignment bug in MVC Frameworks)
  • Thorough guidance on security best practices (like HTTP header such as CSP, HSTS header etc).
  • References to real world analogy for each vulnerability
  • Hands-on labs

Course Outline:

Introduction to Web Applications

  • Design Flaws
  • Authentication
  • Authorization
  • Session Management
  • Logical Flaws
  • Web Server Misconfiguration
  • Application Server Misconfiguration
  • HTTP Methods
  • SSL and MITM attacks

Cross Site Issues

  • Cross Site Scripting
  • Cross Site Request Forgery
  • Session Fixation
  • CRLF Injection
  • Flash and Cross Domain Issues

Server Side Issues

  • SQL Injection
  • File Uploads
  • Server Side Includes
  • File Inclusion
  • Direct Object Reference
  • OS Code Execution

Best Security practices

  • HSTS
  • Content Security Policy
  • Defense in Depth

Objectives:

  • Covers latest industry standards such as OWASP Top 10 (2013)
  • Insight into latest security vulnerabilities (such as mass assignment bug in MVC Frameworks)
  • Thorough guidance on security best practices (like HTTP header such as CSP, HSTS header etc).
  • References to real world analogy for each vulnerability
  • Hands-on labs

Course Outline:

Introduction to Web Applications

  • Design Flaws
  • Authentication
  • Authorization
  • Session Management
  • Logical Flaws
  • Web Server Misconfiguration
  • Application Server Misconfiguration
  • HTTP Methods
  • SSL and MITM attacks

Cross Site Issues

  • Cross Site Scripting
  • Cross Site Request Forgery
  • Session Fixation
  • CRLF Injection
  • Flash and Cross Domain Issues

Server Side Issues

  • SQL Injection
  • File Uploads
  • Server Side Includes
  • File Inclusion
  • Direct Object Reference
  • OS Code Execution

Best Security practices

  • HSTS
  • Content Security Policy
  • Defense in Depth

Utbildningen levereras i samarbete med

Kurs-ID: QA-QAAPPSEC
Längd: 2 dagar
Pris exkl moms: 19 800 kr

Frågor om kursen!?

Har du frågor om kursens innehåll, leveransdatum/ort eller behöver en företagsanpassad variant? Fyll i formuläret nedan!


Avtalsrabatter och kampanjer kan ej nyttjas på denna kurs.


Ort och datum

Cloud Access
i Läs mer

Delta på kursen från ditt hem, jobb eller annan plats.

31 okt – 1 nov
Boka nu!

Tipsa