Course Summary

Because it is critical to introduce security as a quality attribute of the development cycle, this course has been written by developers turned penetration testers who can help you code in a secure manner.

Penetration testing as an activity tends to capture security vulnerabilities at the end of the SDLC, when it is often too late to influence fundamental changes in the way the code is written.

The class is highly practical. We cover a variety of security best practices and defense-in-depth approaches that you should be aware of while developing applications. The class also covers quick techniques you can use to identify security issues during the code review process.

Trained delegates can:

• Write secure application code resilient to a variety of web-based attacks in the OWASP Top 10.
• Understand how attackers identify vulnerabilities in code, and the impact of this, so they can adopt more secure ways of working.
• Identify and mitigate security vulnerabilities earlier in the development lifecycle.
• Use a vocabulary of risk and exploitation to work more effectively with security practitioners.
• Understand the business impact of application security and articulate this to key stakeholders.
• Take on greater responsibility in the team and become an advocate of security in the wider business.

Module 1: APPLICATION SECURITY BASICS
• Why do we need Application Security?
• Understanding OWASP TOP 10
• Understanding the HTTP Protocol
• Understanding HTTP/HTTPS protocol
• Understanding Requests and Responses – Attack Surface
• Configure Burpsuite to intercept HTTP/HTTPS traffic

Module 2: SECURITY MISCONFIGURATIONS
• Common misconfigurations in Web Applications
• Sensitive Information exposure and how to avoid it
• Using software with known vulnerabilities

Module 3: INSUFFICIENT LOGGING AND MONITORING
• Types of Logging
• Introduction to F-ELK

Module 4: AUTHENTICATION FLAWS
• Understanding Anti-Automation Techniques
• NoSQL Security

Module 5: AUTHORIZATION BYPASS TECHNIQUES
• Securing JWT and OAuth
• Local file Inclusion
• Mass Assignment Vulnerability

Module 6: CROSS-SITE SCRIPTING (XSS)
• Types of XSS
• Mitigating XSS

Module 7: CROSS-SITE REQUEST FORGERY (CSRF)
• Understanding CSRF
• Mitigating CSRF

Module 8: SERVER-SIDE REQUEST FORGERY (SSRF)
• Understanding SSRF
• Mitigating SSRF

Module 9: SQL INJECTION
• Error and Blind SQL Injections
• Mitigating SQL Injection
• ORM Framework: HQL Injection
• XML External Entity (XXE) Attacks
• Default XML Processors == XXE
• Mitigating XXE

Module 10: UNRESTRICTED FILE UPLOADS
• Common Pitfalls around file upload
• Mitigating File upload vulnerability

Module 11: DESERIALIZATION VULNERABILITIES
• What is Serialization?
• Identifying Deserialization functions and deserialized data
• Mitigation strategies for deserialization

Module 12: CLIENT-SIDE SECURITY CONCERNS
• Understanding Same Origin Policy
• Windows Desktop ‘Breakout’ and AppLocker Bypass Techniques (Win 10)
• Client-Side Security headers and their server configurations

Module 13: SOURCE CODE REVIEW
• What to check for Security in source code
• CTF: A timed game to spot the flaws in the given Source Code samples

Module 14: DEVSECOPS
• DevSecOps – What Why and How?

There is no prerequisite for taking this course. However, it is recommended that a candidate has more than a year of experience and/or equivalent certifications or courses.

Upon successful completion of the course, delegates will receive a certificate of completion, acknowledging their proficiency in the subject matter.

Following your booking, a confirmation message will be sent to all participants, ensuring you're well-informed of your successful enrollment. Calendar placeholders will also be dispatched to assist you in scheduling your commitments around the course. Rest assured, all course materials and access to necessary labs or platforms will be provided no later than one week before the course begins, allowing you ample time to prepare and engage fully with the learning experience ahead.

Our comprehensive training package includes all the necessary materials and resources to facilitate a full learning experience. Enrollees will be provided with detailed course content, encompassing a wide array of topics to ensure a thorough understanding of the subject matter. Additionally, participants will receive a certificate of completion to recognize their dedication and hard work. It's important to note that while the course fee covers all training materials and experiences, the examination fee for certification is not included but can be purchased separately.
