A 2-day practical live online course to understand application security vulnerabilities, including the industry-standard OWASP Top 10 list, and learn strategies to defend against them.
This class has been written due to the increasing need for developers to code in a secure manner. It is critical to introduce security as a quality component into the development cycle. This class aims at educating developers about various security vulnerabilities through hands-on practice using our intentionally insecure web application built on the Microsoft .NET platform. Throughout this class, developers will be able to get on the same page with security professionals, understand their language, learn how to fix or mitigate vulnerabilities learnt during the class and also get acquainted with some real-world breaches, for example, “The Equifax” breach in September 2017 and application vulnerabilities from popular websites like Facebook, Google, Instagram, PayPal etc.
The techniques discussed in this class are mainly focused on .NET and Java technologies owing to their huge adoption in various enterprises in building web applications. However, the approach is generic and developers from other language backgrounds can easily grasp and implement the knowledge learnt within their own environments.
Covers industry standards such as OWASP Top 10 2017 with a practical demonstration of vulnerabilities complemented with hands-on lab practice.
Provides insights into the latest security vulnerabilities (such as host header injection, XML external entity injection, attacks on JWT tokens, deserialization vulnerabilities).
Offers thorough guidance on best security practices (introduction to various security frameworks, tools and techniques for secure application development).
Makes real-world analogies for each vulnerability explained (understand and appreciate why Facebook would pay $33,000 for an XML Entity Injection vulnerability).
Provides online labs for hands-on practice during and after the course (2 Days).
- Understand OWASP Top 10 2017 with practical demonstrations and deeper insight.
- Understand the financial repercussions of different vulnerabilities.
- Get on the same page with the security team while discussing vulnerabilities.
- Identify and fix security vulnerabilities much earlier in the SDLC process, saving time and effort.
Who Should Attend
This class is ideal for Web/API developers who work day in, day out building full-stack web applications or web APIs. Anyone who is looking to develop a skill set in web application security and identify web application flaws can also benefit from this course.