Application Security for Developers

Displaying courses for Great Britain [Change]

Overview

Application Security for Web Developers: A 2 day highly-practical course that targets web developers, security auditors, penetration testers, security managers and anyone else who would like to learn about writing secure code or to audit code against security flaws. The course covers each and every vulnerability in-depth and discusses a variety of the best security practices and defence-in-depth approach which developers should keep in mind while developing applications.
The attendees will be provided access to infrastructure on which they will be practicing to identify vulnerable code and subsequently discuss patching approaches. While the course covers industry standards such as OWASP Top 10 and SANS top 25 security issues, it also talks about real world issues which don't find a mention in these lists. The course does not focus on any particular web development language or technology but focuses on the principles. It includes examples from PHP, .NET, classic ASP and Java.

Objectives

  • Covers latest industry standards such as OWASP Top 10 (2013)
  • Insight into latest security vulnerabilities (such as mass assignment bug in MVC Frameworks)
  • Thorough guidance on security best practices (like HTTP header such as CSP, HSTS header etc).
  • References to real world analogy for each vulnerability
  • Hands-on labs

Audience

  • Software/Web developers
  • PL/SQL developers
  • Penetration Testers
  • Security Auditors
  • Administrators and DBAs
  • Security Managers

Prerequisites

Delegates will have attended the Introduction to Digital Investigations course (QAIDIGINV) or have sufficient practical experience of evidential capture.

Syllabus

Introduction to Web Applications

  • Design Flaws
  • Authentication
  • Authorization
  • Session Management
  • Logical Flaws
  • Web Server Misconfiguration
  • Application Server Misconfiguration
  • HTTP Methods
  • SSL and MITM attacks

Cross Site Issues

  • Cross Site Scripting
  • Cross Site Request Forgery
  • Session Fixation
  • CRLF Injection
  • Flash and Cross Domain Issues

Server Side Issues

  • SQL Injection
  • File Uploads
  • Server Side Includes
  • File Inclusion
  • Direct Object Reference
  • OS Code Execution

Best Security practices

  • HSTS
  • Content Security Policy
  • Defense in Depth

Training provider

Teaching mode: Classroom - Instructor Led
Duration: 2 days
Gooroo has partnered with the global leaders in IT training to give you access to quality training, personalised to you, targeted at increasing your job opportunities and salary.

Our pricing

We do not display pricing as Gooroo members qualify for special discounts not available elsewhere. You must enquire through Gooroo to get this benefit.

New courses are happening all the time

Our partner's expert training consultant will provide you with the times and all the details you need. Enquire today.

Top skills covered in this course

Security testing
Great Britain
This skill has an average salary of
£54,439
and is mentioned in
0.11%
of job ads in this area.
Web application
Great Britain
This skill has an average salary of
£51,292
and is mentioned in
0.99%
of job ads in this area.
SQL
Great Britain
This skill has an average salary of
£50,661
and is mentioned in
5.80%
of job ads in this area.