3 Days
  • Understand what application security vulnerabilities are and their trends
  • Gain an insight into their impact through practical demonstrations
  • Learn how to fix/avoid them by discussing various strategies, best practices, code snippets and tools
  • Learn how to inject Security into your DevOps pipeline to automate security and develop a DevSecOps pipeline

Class Overview

Application security testing (also known as whitebox testing), as an activity, tends to catch security vulnerabilities at the end of the SDLC, which is often too late to influence fundamental changes in the way code is written.

If you are a developer who needs mitigation strategies for, or does not fully understand, issues like Cross-Site Scripting, XML External Entity attacks, deserialization issues, Content Security Policy and many more application security vulnerabilities and their remediation, then this class is for you!

If you are a manager responsible for a development team and would like to give it a good dose of security knowledge so that application security bugs are avoided in your code, then you are at the right place!

If you are a DevOps engineer wondering how to automate security in your pipeline, then this course will teach you how to transform your DevOps pipeline into a DevSecOps pipeline. If you would like to avoid breaches like that of Equifax in September 2017, then sign up now!

Class Details

This class covers the following modules:

Day 1

Application Security Basics
Understanding HTTP protocol
Security Misconfigurations
Insufficient Logging and Monitoring
Authentication Flaws
Authorization Bypass
Cross Site Scripting (XSS)

Day 2

Cross Site Request Forgery (CSRF)
Server-Side Request Forgery
SQL Injection
XML External Entity (XXE) Attacks
Insecure File Uploads
Deserialization Vulnerabilities
Client-Side Security
Source Code Review

Day 3

Introduction and overview of DevOps
What and Why of DevSecOps?
Integrating Security in CI/CD
Vulnerability Management using ArcherySec
Secret Management using Vault, Jenkins and Docker Secrets
Security in Developer Workstations: Pre-Commit Hooks using Talisman
Software Composition Analysis using Dependency-Check
SAST – Static Application Security Testing using FindSecBugs
DAST – Dynamic Application Security Testing using ZAP
Security in Infrastructure as Code using Clair
Automated Vulnerability Assessment using OpenVAS
Compliance as Code using InSpec
Monitoring and Feedback using ModSecurity WAF
DevSecOps in AWS
Challenges in DevSecOps
DevSecOps Enablers
Who Should Take This Class?

• Any person who wishes to learn about application security vulnerabilities and understand more about their impact
• Developers who create web applications in any language can attend
• Any technical person who has a basic knowledge of how web applications work or is responsible for implementing, managing or protecting web applications
• Any DevOps engineer looking to automate security

Student Requirements

The only requirement for this class is that you bring your own laptop with at least JDK 8.0 installed and administrator rights, plus lots of caffeine!

Hacking Training Classes

Lab-Based Training - Written by BlackHat Trainers - Available Globally

NotSoSecure classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform Penetration Testing on infrastructure / web applications as a day job & wish to add to their existing skill set.
