NotSoSecure AppSec for Developers - APPSEC
Currently there are no public dates for this course. We can offer you a private group training, or you can pre-register upfront for a future public class. Please contact us.
Throughout this class, developers will get on the same page with security professionals, understand their language, learn how to fix or mitigate the vulnerabilities covered during the class, and get acquainted with some real-world breaches, for example the Equifax breach of September 2017. Various bug bounty case studies from popular websites such as Facebook, Google, Shopify, PayPal and Twitter will be discussed, explaining the financial repercussions of application security vulnerabilities such as SSRF, XXE, SQL injection and authentication issues.
The techniques discussed in this class focus mainly on .NET, Java and Node.js, owing to their wide adoption in enterprise web application development. However, the approach is kept generic, and developers from other language backgrounds can easily grasp the material and apply it within their own environments.
Delegates will participate in a CTF challenge where they will have the chance to identify vulnerabilities in code snippets derived from real-world applications.
Apart from the various tools and content provided with the course, delegates will also receive 7 days of lab access in which to practise all the exercises and demos shown during the course.
Delegates need a basic understanding of how web applications work; those who currently develop web applications will have an added advantage. This training is programming-language agnostic. Delegates need a laptop with at least 4 GB of RAM and 1 GB of free disk space.
Understand OWASP Top 10 2017 with practical demonstrations and deeper insight.
Understand the financial repercussions of different vulnerabilities.
Get on the same page with the security team while discussing vulnerabilities.
Identify and fix security vulnerabilities much earlier in the SDLC, saving time and effort.
This course covers industry standards such as the OWASP Top 10, with practical demonstrations of vulnerabilities complemented by hands-on lab practice. It provides insight into recent classes of security vulnerability (such as host header injection, XML external entity injection, attacks on JWT tokens and deserialization vulnerabilities). It offers thorough guidance on security best practices, including an introduction to the security frameworks, tools and techniques used for secure application development. It gives a real-world analogy for each vulnerability explained (for instance, understanding why Facebook would pay $33,000 for an XML entity injection vulnerability). It also provides online labs for hands-on practice during and after the course. Duration: 2 days.
Application Security Basics
Why do we need Application Security?
Understanding the OWASP Top 10
Understanding the HTTP Protocol
Understanding HTTP/HTTPS protocol
Lab: Configure Burp Suite to intercept HTTP/HTTPS traffic
Understanding Requests and Responses
Lab: Manipulating HTTP headers
Demo: Host Header Injection
Attack surface detection
Common misconfigurations in Web Applications
Sensitive Information exposure and how to avoid it