AppSec for Developers

Virtual Learning: €2,050 + VAT

REF: NSSAPPSEC Catalogue: Cybersecurity Area: Claranet Cyber Security (NotSoSecure), Cybersecurity

Duration:

2 days

Next date:

Contact us

Location:

Online

Description

The future of secure software is in your hands. Join this extremely informative 2-day course to bring your application security skills up to the industry standard and widen your career prospects. Get significant hands-on experience with our popular virtual labs and learn from industry experts, practicing penetration testers with a legacy of training at Black Hat. You’ll learn how to find and fix vulnerabilities in code, enhance the security culture within your dev team, apply DevSecOps thinking day to day, and more...

This course uses a Defense by Offense methodology based on real-world offensive research (not theory). That means everything we teach has been tried and tested on live environments and in our labs, so you can put it into practice as soon as the training is over.

*Retail price per participant. Delivery of the course on the dates shown is subject to a minimum number of enrolments.

Target audience

  • Software developers (beginner to advanced)
  • Development team leads

This course is suitable for software developers and development teams who want to build and maintain secure software. The syllabus considers different application development strategies, from preserving legacy applications to developing new products.

  • Area: Cybersecurity

  • Associated certification: N/A

Programme:

APPLICATION SECURITY BASICS

  • Why do we need Application Security?
  • Understanding OWASP TOP 10

UNDERSTANDING THE HTTP PROTOCOL

  • Understanding HTTP/HTTPS protocol
  • Understanding Requests and Responses – Attack Surface
  • Configure Burp Suite to intercept HTTP/HTTPS traffic

SECURITY MISCONFIGURATIONS

  • Common misconfigurations in Web Applications
  • Sensitive Information exposure and how to avoid it
  • Using software with known vulnerabilities

INSUFFICIENT LOGGING AND MONITORING

  • Types of Logging
  • Introduction to F-ELK

AUTHENTICATION FLAWS

  • Understanding Anti-Automation Techniques
  • NoSQL Security

AUTHORIZATION BYPASS TECHNIQUES*

  • Securing JWT and OAuth
  • Local File Inclusion
  • Mass Assignment Vulnerability

CROSS-SITE SCRIPTING (XSS)

  • Types of XSS
  • Mitigating XSS

CROSS-SITE REQUEST FORGERY (CSRF)

  • Understanding CSRF
  • Mitigating CSRF

SERVER-SIDE REQUEST FORGERY (SSRF)

  • Understanding SSRF
  • Mitigating SSRF

SQL INJECTION

  • Error and Blind SQL Injections
  • Mitigating SQL Injection
  • ORM Framework: HQL Injection

XML EXTERNAL ENTITY (XXE) ATTACKS

  • Default XML Processors: XXE
  • Mitigating XXE

UNRESTRICTED FILE UPLOADS

  • Common Pitfalls around file upload
  • Mitigating File upload vulnerability

DESERIALIZATION VULNERABILITIES

  • What is Serialization?
  • Identifying Deserialization functions and deserialized data
  • Mitigation strategies for deserialization

CLIENT-SIDE SECURITY CONCERNS

  • Understanding Same Origin Policy
  • Client-Side Security headers and their server configurations

SOURCE CODE REVIEW

  • How to validate source code security
  • Walkthrough: How threat actors chain vulnerabilities to achieve greater impact
  • Capture the Flag: a timed competition challenging you to spot flaws in different samples of source code

DEVSECOPS

  • DevSecOps: what is it, how do you build it, and what tools can you use?

Prerequisites:

Delegates need to have a basic understanding of how web applications work; those who currently develop web applications will have an added advantage. This training is programming-language agnostic.

A laptop with at least 4 GB of RAM and 1 GB of free disk space is also required.
