Familiarization with application security concepts, methodologies, and common vulnerabilities.
INTRODUCTION TO
Application Security Training
for Developers
Overview
Learn the tools and techniques for improving security on a development team.
This class is designed for those with little to no web application penetration testing experience.
- HTTP and Burp Suite
- Introduction to web application penetration testing
- Hands-on challenges
- Exploit web applications
- Basic understanding of web application penetration test
Duration
This class is generally several hours but can be anywhere between 30 minutes to several days.
Agenda
- Keeping Secrets out of Git
- Intro to Application Security & HTTP
- Why are we here?
- Security in the SDLC
- Pentester’s perspective of a Secure Environment
- Assurance Models
- Security in Agile
- Tools for Static & Dynamic Analysis
- Security in CI
- Threat Modeling
- Intro to Application Security & HTTP
- OWASP Top 10
- Broken Access Control
- Cryptographic Failures
- Injection
- Insecure Design
- Security Misconfiguration
- Vulnerable and Outdated Components
- Identification and Authorization Failures
- Software and Data Integrity Failures
- Security Logging and Monitoring Failures
- Server-Side Request Forgery
- Other topics around Authentication and API Security
- Other topics as requested
Prerequisites
Basic knowledge of HTTP requests and responses, and any web application programming experience will be helpful, but is not required.
Pricing
We offer training at various conferences. If you know of conference we may be interested in, please let us know! Pricing for private training classes is generally $3000-$4000 per day. Please contact us to get an exact quote.
Upcoming Classes
Please contact us if you are interested in us letting you know once a virtual or public class is scheduled.