Call : (+91) 968636 4243
Mail : info@EncartaLabs.com
EncartaLabs

Application Security for Developers

( Duration: 2 Days )

In the Application Security for Developers training course, you will gain an understanding of application security vulnerabilities, including the industry-standard OWASP Top 10 list, and learn strategies to defend against them. Pen testing (security testing) as an activity tends to capture security vulnerabilities at the end of the SDLC, by which point it is often too late to influence fundamental changes in the way the code is written.

Throughout this class, developers will get on the same page with security professionals, understand their language, learn how to fix or mitigate the vulnerabilities covered during the class, and get acquainted with some real-world breaches. The techniques discussed in this class are mainly focused on .NET, Java and NodeJS technologies, owing to their wide adoption in enterprises building web applications. However, the approach is kept generic, and developers from other language backgrounds can easily grasp the material and apply it within their own environments.

By attending Application Security for Developers workshop, delegates will learn:

  • Industry standards such as the OWASP Top 10, with a practical demonstration of vulnerabilities complemented by hands-on lab practice.
  • Gain insights into the latest security vulnerabilities (such as host header injection, XML external entity injection, attacks on JWT tokens, deserialization vulnerabilities).
  • Best security practices (Introduction to various security frameworks and tools and techniques for secure application development).
  • Understand the financial repercussions of different vulnerabilities.
  • Get on the same page with the security team while discussing vulnerabilities.
  • Identify and fix security vulnerabilities much earlier in the SDLC, saving time and effort.

Prerequisites for attending the Application Security for Developers course:

  • Basic understanding of how web applications work.

The Application Security for Developers class is ideal for:

  • Web/API developers who work day-in-day out building full-stack web applications or web APIs.
  • Anyone looking to develop a skill set in web application security and to identify web application flaws.

COURSE AGENDA

1. Application Security Basics

  • Why do we need Application Security?
  • Understanding OWASP TOP 10 vulnerabilities

2. Understanding the HTTP Protocol

  • Understanding HTTP/HTTPS protocol
  • Understanding Requests and Responses - Attack Surface
  • Configure Burp Suite to intercept HTTP/HTTPS traffic

3. Security Misconfigurations

  • Common misconfigurations in Web applications
  • Sensitive information exposure and how to avoid it
  • Using software with known vulnerabilities

4. Insufficient Logging and Monitoring

  • Types of Logging
  • Introduction to F-ELK

5. Authentication Flaws

  • Understanding Anti-Automation Techniques
  • NoSQL Security
  • Understanding WebAuthn – Passwordless Authentication Framework

6. Authorization Bypass Techniques

  • Securing JWT and OAuth
  • Local File Inclusion
  • Mass Assignment Vulnerability

7. Cross-Site Scripting (XSS)

  • Types of XSS
  • Session Hijacking
  • Mitigating XSS

8. Cross-Site Request Forgery (CSRF)

  • Understanding CSRF
  • Mitigating CSRF

9. Server-Side Request Forgery (SSRF)

  • Understanding SSRF
  • Mitigating SSRF

10. SQL Injection

  • Error and Blind SQL Injections
  • Mitigating SQL Injection
  • ORM Framework: HQL Injection

11. XML External Entity (XXE) Attacks

  • Default XML Processors - XXE
  • Mitigating XXE

12. Unrestricted File Uploads

  • Common pitfalls around file upload
  • Mitigating file upload vulnerabilities

13. Deserialization Vulnerabilities

  • What is Serialization?
  • Identifying Deserialization functions and deserialized data
  • Mitigation strategies for deserialization

14. Client-Side Security Concerns

  • Understanding Same Origin Policy
  • Client-side security headers and their server configurations

15. Source Code Review

  • What to check for Security in source code
  • CTF: A timed game to spot the flaws in the given source code samples

16. DevSecOps

  • DevSecOps - What, Why and How?

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of a few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.
