Hands-on Training: Application Security for Developers (NotSoSecure)

Hands-on Training: Application Security for Developers (NotSoSecure)

ToolsWatch and NotSoSecure are offering 10% Special Discount for our readers.

Use the Promotional Code: TOOLSWATCH.

The 2 days hands-on course targets web developers, security auditors, penetration testers, security managers and anyone else who wants to learn to write secure code or to audit code against security flaws.

logo_notsosecure

The course covers each and every vulnerability in depth and talks about a variety of best security practices and defence-in-depth approach which developers should keep in mind while developing applications.

The attendees will be provided access to infrastructure on which they will be practising to identify vulnerable code and subsequently discuss patching approaches. While discussing vulnerabilities, a real world analogy will be presented to help audience relate to the vulnerabilities and their impact.

While the course covers industry standards such as OWASP Top 10 and SANS top 25 security issues, it also talks about real world issues which don’t find a mention in these lists. The course does not focus on any particular web development language or technology but focus on the principles. It includes examples from PHP, .NET, classic ASP and Java.

WHEN:

  • Thursday, 20 November 2014 at 09:00
  • Friday, 21 November 2014 at 17:00

WHERE: London, United Kingdom

Note: A minimum of 7 attendees are required for an in-house class.

Course Outline:

Introduction to Web Applications

  • Design Flaws
  • Authentication
  • Authorization
  • Session Management
  • Logical Flaws
  • Web Server Misconfiguration
  • Application Server Misconfiguration
  • HTTP Methods
  • SSL and MITM attacks

Cross Site Issues

  • Cross Site Scripting
  • Cross Site Request Forgery
  • Session Fixation
  • CRLF Injection
  • Flash and Cross Domain Issues

Server Side Issues

  • SQL Injection
  • File Uploads
  • Server Side Includes
  • File Inclusion
  • Direct Object Reference
  • OS Code Execution

Best Security practices

  • HSTS
  • Content Security Policy
  • Defense in Depth

[button size=large style=round color=green align=none url=https://www.eventbrite.co.uk/e/application-security-for-developers-tickets-12892571027?discount=TOOLSWATCH]NotSoSecure – Application Security for Developers[/button]

MaxiSoler

www.artssec.com @maxisoler
Strengthening Security: ToolsWatch Welcomes Dr. Magda Lilia Chelly and Vivek Ramachandran to Black Hat Arsenal’s Board of Review

Strengthening Security: ToolsWatch Welcomes Dr. Magda Lilia Chelly and Vivek Ramachandran to Black Hat Arsenal’s Board of Review

GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

Black Hat Arsenal 2024 Next Stop Singapore !

Black Hat Arsenal 2024 Next Stop Singapore !

ToolsWatch introducing Armory at Gisec 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

ToolsWatch introducing Armory at Gisec 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community