
CKP AppSec for Developers - CCPE

WGAC-CKP-AppSecDev

Check Point

Description

Introduction

This class teaches developers about a range of security vulnerabilities through
hands-on practice with our deliberately insecure web application, built on the
Microsoft .NET platform. Throughout the class, developers will get on the same
page as security professionals, understand their language, learn how to fix or
mitigate the vulnerabilities covered, and become acquainted with real-world
breaches, for example the Equifax breach in September 2017 and application
vulnerabilities from popular websites such as Facebook, Google, Instagram and PayPal.

The techniques discussed in this class focus mainly on .NET and Java
technologies, owing to their wide adoption in enterprises for building web
applications. However, the approach is generic, and developers from other
language backgrounds can easily grasp the material and apply it within their
own environments.

This is a highly practical class aimed at web developers, pen testers, and
anyone else who wants to write secure code or audit code for security flaws. It
covers a variety of security best practices and defense-in-depth approaches that
developers should be aware of while building applications. It also covers some
quick techniques developers can use to identify security issues during the code
review process.

Students get access to our online lab, which is riddled with vulnerabilities.
They receive demonstrations and hands-on practice of each vulnerability to better
understand the issue, followed by techniques and recommendations for fixing it.
While the class covers industry standards such as the OWASP Top 10 and SANS Top 25
security issues, it also covers real-world issues such as business logic and
authorization flaws.

Prerequisites & Audience

The only requirement for this class is that you bring your own laptop with the
latest version of Java (JDK) installed. Attendees will be provided with access to
our online lab which has been built on the latest .NET ASPX framework and all
the tools and materials required during the class.

Course Benefits

• Covers industry standards such as the OWASP Top 10, with practical demonstrations of vulnerabilities complemented by hands-on lab practice.

• Provides insights into the latest security vulnerabilities (such as host header injection, XML external entity injection, attacks on JWT tokens, known plaintext attacks, deserialization vulnerabilities).

• Offers thorough guidance on security best practices (an introduction to various security frameworks, tools and techniques for secure application development).

• Makes real-world analogies for each vulnerability explained (understand and appreciate why Facebook would pay $33,000 for an XML Entity Injection vulnerability).

• Provides online labs for hands-on practice during and after the course (2 Days).

• Course material shared online.

Course Topics

• Application Security Basics
• Understanding the HTTP Protocol
• Security Misconfigurations
• Insufficient Logging and Monitoring
• Authentication Flaws
• Authorization Bypass Techniques
• Cross Site Scripting (XSS)
• Cross Site Request Forgery (CSRF)
• Server Side Request Forgery (SSRF)
• SQL Injection
• XML External Entity (XXE) Attacks
• Unrestricted File Uploads
• Deserialization Vulnerabilities
• Client-Side Security Concerns
• Source Code Review
• DevSecOps

Check Point courses


Check Point Certified VSX Specialist - CCVS
CODE: WGAC-CKP-CCVS
CKP AppSec for Developers - CCPE
CODE: WGAC-CKP-AppSecDev
Check Point HackingPoint™ Infrastructure Hacking PenTesting Expert CCPE - HP-IH
CODE: WGAC-CKP-HP-IH
Check Point Certified Security Admin R80.40 - CCSA
CODE: WGAC-CKP-CCSA-R8X
Check Point HackingPoint™ Malware Analysis Fundamentals - HP-MAF
CODE: WGAC-CKP-HP-MAF
Check Point HackingPoint™ 101 - HP-101
CODE: WGAC-CKP-HP-101
Check Point Certified Troubleshooting Expert - CCTE
CODE: WGAC-CKP-CCTE
Check Point Certified Security Expert R80.40 - CCSE
CODE: WGAC-CKP-CCSE-R8X
Check Point Automation Specialist R80.20 - CCAS
CODE: WGAC-CKP-CCAS-R8X
Check Point Certified Maestro Expert - CME
CODE: WGAC-CKP-CME
Check Point HackingPoint™ Advanced Infrastructure Hacking PenTesting Expert CCPM - HP-AIH
CODE: WGAC-CKP-HP-AIH
Check Point HackingPoint™ Advanced Web Hacking PenTesting Expert CCPM - HP-AWH
CODE: WGAC-CKP-HP-AWH
Check Point Certified Troubleshooting Administrator - CCTA
CODE: WGAC-CKP-CCTA
Check Point Certified MultiDomain Management Specialist - CCMS
CODE: WGAC-CKP-CCMS
Check Point DevSecOps - CCPA
CODE: WGAC-CKP-DevSecOps
Check Point Endpoint Specialist - CCES
CODE: WGAC-CKP-CCES
Check Point Certified Cloud Specialist - CCCS
CODE: WGAC-CKP-CCCS
Check Point HackingPoint™ Web Hacking - HP-WH
CODE: WGAC-CKP-HP-WH