We can host this training at your preferred location. Contact us!

2-Day hands-on AppSec training covering the most common application security vulnerabilities and how to build secure applications that avoid these issues. Finding security vulnerabilities at the end of the SDLC is often too late to influence fundamental changes in the way the code is written, and many security issues could be avoided from the outset.

This class has been written by developers turned pen testers who can help developers to code in a secure manner and introduce security into the development cycle. Throughout this class, developers will be able to get on the same page with security professionals, understand how exploitable vulnerabilities are created in code, learn how to fix or mitigate vulnerabilities and get acquainted with the root causes behind some real-world breaches. Various bug bounty case studies from popular websites like Facebook, Google, Shopify, Paypal, Twitter etc will be discussed explaining the financial repercussions of application security vulnerabilities like SSRF, XXE, SQL Injection, Authentication issues etc.

The techniques discussed in this class are generic and developers from any language background can easily grasp and implement the knowledge learned within their own environments. In the class, .NET, Java and NodeJS are used in the workshop examples as this range provide lessons that can be used in a wide range of applications.

Students will also participate in a ‘capture the flag’ exercise where they’ll be challenged to identify vulnerabilities in code snippets derived from real-world applications.

Learn to code more securely and build more secure applications.
Identify and fix security vulnerabilities much earlier in the SDLC process saving time and effort.
Understand OWASP Top 10 common application vulnerabilities with practical demonstrations and deeper insight.
Understand the financial and wider repercussions of different vulnerabilities.
Get on the same page with the security team while discussing vulnerabilities.

Application Security Basics

Why do we need Application Security?
Understanding OWASP TOP 10

Understanding the HTTP Protocol

Understanding HTTP/HTTPS protocol
- Lab: Configure Burpsuite to intercept HTTP/HTTPS traffic
Understanding Requests and Responses
- Lab: Manipulating HTTP headers
- Demo: Host Header Injection
- Mitigation Techniques
Attack Surface detection

Security Misconfigurations

Common misconfigurations in Web Applications
Sensitive Information exposure and how to avoid it
Using Softwares with known vulnerabilities
- Demo : Struts2 RCE

Insufficient Logging and Monitoring

Types of Logging
Introduction to F-ELK

Authentication Flaws

Password Complexity
- Lab: Bruteforce using Burpsuite Intruder
Anti-Automation Techniques
- Mitigating brute-force attacks
Password Storage
- Crash Course on Cryptography
- Introduction to HashiCorp Vault
Password Recovery – Best Practices
NoSQL Security
- Lab: Bypass NoSQL Authentication
- Mitigating NoSQL Injections
Understanding WebAuthn – Passwordless Authentication Framework

Authorization Bypass Techniques

Parameter Manipulation
- Common Pitfalls and Mitigations
API Authentication – JWT
- Introduction to JWT
- Lab : Cracking JWT tokens
- Common JWT Attacks
- Mitigating JWT Attacks
SSO Authentication – OAuth
- Introduction to OAuth
- OAuth Flow
- Lab: Bypass OAuth
- Common OAuth Attacks
- Mitigating OAuth Attacks
RBAC Bypasses and mitigations
Mass Assignment Vulnerability
- Understanding Mass Assigning/Auto binding
- Lab: Exploiting Mass Assignment
- Mitigating Mass Assignment vulnerability
Insecure Direct Object References (IDOR)
- Mitigating IDORs
Local file Inclusion (LFI)
- Lab: Download internal files
- Mitigating LFI

Cross-Site Scripting (XSS)

Understanding XSS
Reflected XSS
- Lab: Exploiting Reflected XSS
- Demo: Session Hijacking
Stored XSS
- Lab: Exploiting Stored XSS
How not to Mitigate XSS
- Lab: Pitfalls in XSS Defenses
Mitigating XSS

Cross-Site Request Forgery Scripting

Understanding CSRF
- Lab: Exploiting CSRF
Mitigating CSRF

Server-Side Request Forgery (SSRF)

Understanding SSRF
- Lab: Exploiting SSRF
- SSRF in Cloud
Mitigating SSRF

SQL Injection

Understanding SQL Injection
- Lab: Error-Based SQL Injection
- Lab: Blind SQL Injection
Mitigating SQL Injection
ORM Frameworks

XML External Entity (XXE) Attacks

Understanding XML Entities
Understanding XXE Vulnerability
- Lab: Exploiting XXE Vulnerability
Mitigating XXE

Unrestricted File Uploads

File Upload functionality
- Lab: Uploading webshells
Mitigating File upload vulnerability

Deserialization Vulnerabilities

What is Serialization?
PHP Object Serialization
- Demo: PHP Object Deserialization
- Lab: Exploit PHP Deserialization
Java Object Serialization
- Demo: Java Binary Deserialization
- Other Java Deserialization
Detecting deserialization functions
Mitigation for deserialization vulnerabilities

Client-Side Security Concerns

Understanding Same Origin Policy
Understanding CORS (Cross-Origin Resource Sharing)
- Demo: CORS
- Excessive CORS
Transport Layer Protection: HSTS
Securing Cookies
Iframe Security
- Demo: Clickjacking
Content-Security Policy
Referrer Policy

Source Code Review

Manual Code Review
- SQL Injection
- Identify vulnerable libraries
- Identify Authorization Flaws
- Log Injections
- File Handling
- Insecure Cryptography
Automated Code Review
- Demo: FindSecBugs/CAT.NET
Secure Code Review CTF

DevSecOps

DevSecOps - What Why and How?
DevSecOps Sample Implementation

Application Security for Developers Training Course in Germany

The Federal Republic of Germany is the second most populous country in Europe and is located in Central Europe. The official language of the country is German. Germany is one of the richest countries in the world. The main exports of the country include motor vehicles and iron and steel products.

Here are some fun facts about Germany:
The fairy tale writer, the Brothers Grimm, came from Germany and wrote many famous stories such as Cinderella, Snow White, and Sleeping Beauty.
Germany is home to the largest theme park in Europe, the Europa-Park.
The famous composer Ludwig van Beethoven was born in Germany.
The Autobahn, the German highway system, is known for having no general speed limit.

Berlin was divided by the Berlin Wall from 1961 to 1989. Known for its street art, Berlin has many colorful murals and graffiti throughout the city. Also, Berlin is home to many famous museums, such as the Pergamon Museum and the Museum Island. Many clubs and bars stay open until the early hours of the morning in this big city.

Another popular city is Munich, which is famous for its Oktoberfest beer festival that attracts millions of visitors every year. Munich is also home to many historic buildings, including Nymphenburg Palace and the Marienplatz town square.

The country's capital and largest city is Berlin, however Frankfurt is considered to be the business and financial center of Germany. It is home to the Frankfurt Stock Exchange, the European Central Bank, and many other financial institutions. Because of its central location within Europe and its status as a major financial hub, Frankfurt is often referred to as the "Mainhattan," a play on the city's name and its association with the Manhattan financial district in New York City.

Frankfurt is also a major transportation hub, with the largest airport in Germany and one of the largest in Europe, Frankfurt Airport. Additionally, it is a popular destination for tourists, with its historic city center, beautiful parks, and vibrant cultural scene.

Some of the top German technology companies like Siemens AG, Bosch, SAP SE, Deutsche Telekom, Daimler AG and Volkswagen has business centers in Frankfurt. The country has a strong tradition of engineering and innovation, and is home to many other world-class technology companies and research institutions.

Tailored to meet the specific needs of Germany, Bilginç IT Academy combines cutting-edge training methodologies with our comprehensive range of Certification Exam preparation courses and accredited corporate training programs. Experience a transformative approach to IT training that will redefine your expectations.

Application Security for Developers Training in Germany

Upcoming Trainings

Related Trainings

Application Security for Developers Training in Germany

What You Will Learn

Outline

FREE CYBER SECURITY RESOURCES FOR REMOTE WORKERS!

Upcoming Trainings

Related Trainings