Cyber Security Training

Application Security for Developers - 2019 Edition 

Application Security for Developers - 2019 Edition 


Following on from the successful delivery of a series of Cyber Security Training courses, NotSoSecure will be providing training at Cyber Security X, part of Digital Transformation EXPO Europe. 

The 2 day training course will take place on 9-10 October at the ExCeL London where Digital Transformation EXPO Europe is taking place which allows you to cross between the training and event in order to watch seminars and see headlining speakers as well as speak with exhibitors during your breaks in training. 


Overview

This training is highly practical and is aimed at web developers, pen-testers, and anyone else wanting to write secure code, or audit code against security flaws. The class covers a variety of best security practices and in-depth defence approaches which developers should be aware of while developing applications. It will also cover some quick techniques which developers can use to identify various security issues throughout the code review process.

Participants can access our online lab which is riddled with multiple vulnerabilities. You will receive demonstrations and hands-on practice of the vulnerabilities to better understand and grasp the issues, followed by various techniques and recommendations on how to go about fixing them. While the training covers industry standards such as OWASP top 10 and SANS top 25 security issues, it also covers various real-world issues such as the business logic and authorisation flaws.

The techniques discussed over the two days are mainly focused on .NET and Java technologies owing to their huge adoption in various enterprises in building web applications. However, the approach is generic and developers from other language backgrounds can easily grasp and implement the knowledge learnt within their own environments.

Who Should Attend?

The class is ideal for: Software/Web Developers, PL/SQL Developers, Penetration Testers, Security Auditors, Administrators, DBAs and Security Managers.
Prior pen-test experience is not mandatory, however, some knowledge of cloud services and a familiarity with common command line commands will be beneficial.

Module 1: Application Security Basics
Module 2: Understanding the HTTP Protocol
Module 3: Security Misconfigurations
Module 4: Insufficient Logging and Monitoring
Module 5: Authentication Flaws
Module 6: Authorization Bypass Techniques
Module 7: Cross Site Scripting (XSS)
Module 8: Cross Site Request Forgery (CSRF)
Module 9: Server Side Request Forgery (SSRF) 
Module 10: SQL Injection
Module 11: XML External Entity (XXE) Atacks
Module 12: Unrestricted File Uploads
Module 13: Deserialization Vulnerabilities
Module 14: Client-Side Security Concerns
Module 15: Source Code Review
Module 16: DevSecOps





Click here to download the NotSoSecure fact sheet. 

If you have any queries, please contact marketing@imagotechmedia.com