Application Security for Developers Training

  • Training Type: Classroom / Virtual Classroom / Online
  • Duration: 2 Days

Security testing (Pen Testing) as an activity tends to capture security vulnerabilities at the end of the SDLC and is often too late to be able to influence fundamental changes in the way code is written.

We wrote this class because of the increasing need for developers to code in a secure manner. It is critical to introduce security as a quality component into the development cycle. This class aims at educating developers about various security vulnerabilities through hands-on practice using our purposely developed insecure web application which is hosted on Microsoft’s Azure platform. Throughout this class developers will be able to get on the same page with security professionals, understand their language and learn how to fix or mitigate vulnerabilities learnt during the class.

The techniques discussed in this class are mainly focused on .NET and Java technologies owing to their huge adoption in various enterprises in building web applications. However, the approach is generic and developers from other language backgrounds can easily grasp and implement the knowledge learnt within their own environments.

Target Audience

  • Software/Web Developers,
  • PL/SQL Developers,
  • Penetration Testers,
  • Security Auditors,
  • Administrators,
  • DBAs and Security Managers.


N.B. This course meets the requirements of the PCI-DSS standard, specifically the mandated requirement 6.5:

  • Prevent common coding vulnerabilities in software development processes by training developers in secure coding techniques and developing applications based on secure coding guidelines - including how sensitive data is handled in memory.

Delegates will use labs which are purposely riddled with multiple vulnerabilities. Delegates will receive demonstrations and hands-on practice of the vulnerabilities to better understand and grasp the issues, followed by various techniques and recommendations on how to go about fixing them. While the course covers industry standards such as OWASP Top 10 and common security issues, it also covers real world issues like various Business Logic and Authorisation flaws.

  • Covers latest industry standards such as OWASP Top 10 with practical demonstrations of vulnerabilities complemented with Hands-on Lab practice
  • Insight into the latest security vulnerabilities (such as Host Header Injection, XML Entity Injection, Web-Services and API Security)
  • Thorough guidance on the best security practices (Introduction to various Security Frameworks and tools and techniques for Secure Development)
  • References to real-world analogy for each vulnerability (Understand and appreciate why Facebook would pay $33,000 for XML Entity Injection Vulnerability?)

A highly-practical class that targets web developers, pen testers, and anyone else wanting to write secure code, or audit code against security flaws. The class covers a variety of the best security practices and in-depth defense approaches which developers should be aware of while developing applications. The class also covers some quick techniques which developers can use to identify various security issues throughout the code review process.

Students can access our online lab which is purposely riddled with multiple vulnerabilities. Students will receive demonstrations and hands-on practice of the vulnerabilities to better understand and grasp the issues, followed by various techniques and recommendations on how to go about fixing them. While the class covers industry standards such as OWASP Top 10 and SANS top 25 security issues, it also covers real world issues like various Business Logic and Authorization flaws.

DAY 1

Module 1: Application Security Basics
Module 2: Understanding HTTP protocol
Module 3: Security Misconfigurations
Module 4: Insufficient Logging and Monitoring
Module 5: Authentication Flaws
Module 6: Authorization Bypass
Module 7: Cross Site Scripting (XSS)

DAY 2

Module 8: Cross Site Request Forgery (CSRF)
Module 9: SQL Injection
Module 10: XML External Entity (XXE) Attacks
Module 11: Insecure File Uploads
Module 12: Deserialization Vulnerabilities
Module 13: Client Side Security
Module 14: Source Code Review




Upcoming training dates

We hold our classroom training sessions at our Istanbul, Ankara and London offices. Training tailored to your organization can be arranged at a date and location of your choice.

  • 10 December 2020: 2 days, Classroom / Virtual Classroom, Istanbul, Ankara, London
  • 20 May 2021: 2 days, Classroom / Virtual Classroom, Istanbul, Ankara, London
  • 17 June 2021: 2 days, Classroom / Virtual Classroom, Istanbul, Ankara, London
  • 07 October 2021: 2 days, Classroom / Virtual Classroom, Istanbul, Ankara, London
  • 18 November 2021: 2 days, Classroom / Virtual Classroom, Istanbul, Ankara, London
  • 16 December 2021: 2 days, Classroom / Virtual Classroom, Istanbul, Ankara, London
