2-Day hands-on AppSec training covering the most common application security vulnerabilities and how to build secure applications that avoid these issues. Finding security vulnerabilities at the end of the SDLC is often too late to influence fundamental changes in the way the code is written, and many security issues could be avoided from the outset.
This class has been written by developers turned pen testers who can help developers to code in a secure manner and introduce security into the development cycle. Throughout this class, developers will be able to get on the same page with security professionals, understand how exploitable vulnerabilities are created in code, learn how to fix or mitigate vulnerabilities and get acquainted with the root causes behind some real-world breaches. Various bug bounty case studies from popular websites like Facebook, Google, Shopify, Paypal, Twitter etc will be discussed explaining the financial repercussions of application security vulnerabilities like SSRF, XXE, SQL Injection, Authentication issues etc.
The techniques discussed in this class are generic and developers from any language background can easily grasp and implement the knowledge learned within their own environments. In the class, .NET, Java and NodeJS are used in the workshop examples as this range provide lessons that can be used in a wide range of applications.
Students will also participate in a ‘capture the flag’ exercise where they’ll be challenged to identify vulnerabilities in code snippets derived from real-world applications.
Application Security Basics
Understanding the HTTP Protocol
Security Misconfigurations
Insufficient Logging and Monitoring
Authentication Flaws
Authorization Bypass Techniques
Cross-Site Scripting (XSS)
Cross-Site Request Forgery Scripting
Server-Side Request Forgery (SSRF)
SQL Injection
XML External Entity (XXE) Attacks
Unrestricted File Uploads
Deserialization Vulnerabilities
Client-Side Security Concerns
Source Code Review
DevSecOps
Join our public courses in our France facilities. Private class trainings will be organized at the location of your preference, according to your schedule.
B. S. - Senior Application Security Consultant
Mercedes-Benz Türk A.Ş.
Rated the training 5 stars.