vFeed


Events

Published on September 29th, 2014 | by MaxiSoler

0

Hands-on Training: Application Security for Developers (NotSoSecure)

ToolsWatch and NotSoSecure are offering 10% Special Discount for our readers.

Use the Promotional Code: TOOLSWATCH.

The 2 days hands-on course targets web developers, security auditors, penetration testers, security managers and anyone else who wants to learn to write secure code or to audit code against security flaws.

logo_notsosecure

The course covers each and every vulnerability in depth and talks about a variety of best security practices and defence-in-depth approach which developers should keep in mind while developing applications.

The attendees will be provided access to infrastructure on which they will be practising to identify vulnerable code and subsequently discuss patching approaches. While discussing vulnerabilities, a real world analogy will be presented to help audience relate to the vulnerabilities and their impact.

While the course covers industry standards such as OWASP Top 10 and SANS top 25 security issues, it also talks about real world issues which don’t find a mention in these lists. The course does not focus on any particular web development language or technology but focus on the principles. It includes examples from PHP, .NET, classic ASP and Java.

WHEN:

  • Thursday, 20 November 2014 at 09:00
  • Friday, 21 November 2014 at 17:00

WHERE: London, United Kingdom

Note: A minimum of 7 attendees are required for an in-house class.

Course Outline:

Introduction to Web Applications

  • Design Flaws
  • Authentication
  • Authorization
  • Session Management
  • Logical Flaws
  • Web Server Misconfiguration
  • Application Server Misconfiguration
  • HTTP Methods
  • SSL and MITM attacks

Cross Site Issues

  • Cross Site Scripting
  • Cross Site Request Forgery
  • Session Fixation
  • CRLF Injection
  • Flash and Cross Domain Issues

Server Side Issues

  • SQL Injection
  • File Uploads
  • Server Side Includes
  • File Inclusion
  • Direct Object Reference
  • OS Code Execution

Best Security practices

  • HSTS
  • Content Security Policy
  • Defense in Depth

Tags: ,


About the Author

www.artssec.com @maxisoler



Back to Top ↑