AppSec for Developers

2 Day

Covers latest industry standards such as OWASP Top 10
Insight into latest security vulnerabilities (such as mass assignment bug in MVC Frameworks)
Thorough guidance on security best practices (such as HTTP security headers like CSP and HSTS)
References to real world analogy for each vulnerability
Hands-on labs
Internet distribution of all course materials


Class Overview

Penetration testing tends to catch security vulnerabilities at the end of the SDLC, which is often too late to influence fundamental changes in the way code is written.

We wrote this class because of the need for developers to develop code and applications in a secure manner. It does not need to be more time consuming, but it is critical to introduce security as a quality component into the development cycle. The class does not target any particular web development platform, but does target the general insecure coding flaws developers make while developing applications. The examples used in the class include web development technologies such as ASP, .NET, JAVA and PHP.

Class Details

A highly practical class that targets web developers, pen testers, and anyone else who would like to learn about writing secure code or auditing code for security flaws. The class covers a variety of security best practices and defense-in-depth approaches that developers should be aware of while developing applications.

Students will be provided access to infrastructure on which they will identify vulnerable code and associated remediation. While the class covers industry standards such as OWASP Top 10 and SANS top 25 security issues, it also talks about real world issues that don’t find a mention in these lists. The class does not focus on any particular web development language / technology but instead on the core principles. Examples include PHP, .NET, classic ASP and Java.

Day 1

Module 1. Application Security Basics
Module 2. Understanding the HTTP protocol
Module 3. Issues with SSL/TLS
Module 4. Information Disclosure
Module 5. Authentication Flaws
Module 6. Authorization Bypass

Day 2

Module 7. Cross Site Scripting (XSS)
Module 8. Cross Site Request Forgery (CSRF)
Module 9. SQL Injection
Module 10. XML External Entity (XXE) Attacks
Module 11. Insecure File Uploads
Module 12. Client Side Security
Module 13. Source Code Review

Prerequisites

Who Should Take This Class?

This training is ideal for: software/web developers, PL/SQL developers, penetration testers, security auditors, administrators and DBAs, and security managers.

Student Requirements

The only requirement for this class is that you bring your own laptop and have admin/root access. During the class, we will give you VPN access to our state-of-the-art hacklab, which is hosted in our datacentre in the UK. Once you are connected to the lab, you will find all the relevant tools/VMs there. We also provide a dedicated Kali VM to each attendee on the hacklab, so you don’t need to bring any VMs with you. All you need is to install the VPN client and you are good to go.

Also, note that we will use an Ethernet/wired network for this class. If your laptop does not support this, please carry the correct adaptor to ensure you are able to connect to the wired network.

Hacking Training Classes

Lab-Based Training - Written by BlackHat Trainers – Available Globally

NotSoSecure classes are ideal for those preparing for CREST CCT (ICE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure as a day job and wish to add to their existing skill set.



The Art of Hacking = Infrastructure Hacking + Web Hacking

Other Specialist Classes

Advanced Infrastructure Hacking

AppSec for Developers

Practical Internet Of Things (IoT) Hacking

Book Your Training

Working exclusively with 3 training delivery partners, NotSoSecure Hacking Training is available around the world.

