Introduction
Do you struggle to build secure applications? Do you want to learn the concepts behind secure application development? This six-session course is for you. James Jardine breaks many of the core security issues down into their basic concepts in easy-to-follow lessons. He combines real-world examples with short demonstrations to show the risks that security vulnerabilities present. This is not a class that teaches you how to hack. It is designed to introduce students to the concepts of security and to how they can start embedding those concepts into their day-to-day development activities.
Syllabus
Session 1: Intro to Application Security
• What is Application Security
• SQL Injection Demo
• AppSec Terms
• Why attackers attack
• Trust Boundaries
• OWASP
• Types of Testing
• What is a proxy
• Proxy Demo
Session 2: Injection
• Injection Overview
• Input Validation
• Output Encoding
• SQL Injection
• Cross-Site Scripting
• XSS – Demo
Session 3: Authentication / Authorization
• Authentication Introduction
• Multifactor/Security Questions/Forgot Password
• Authorization Introduction
• Direct Object Reference
• Direct Object Reference – Demo
• Multiple Authorization Demos
Session 4: Session Management / CSRF
• Intro to Session Management
• Cookie Security
• Session Identifiers
• Session Fixation
• Cross-Site Request Forgery
• Cross-Site Request Forgery – Demo
Session 5: Information Leakage / Logging
• What is Sensitive Data
• Data Classification
• Protecting data at rest and in transit
• Why Logging is important
• Types of data to Log
• Potential issues with logging
Session 6: Misconfiguration / Other
• Common misconfiguration issues
• Understanding the current framework
• Identifying misconfigurations
• Open Redirect
• Open Redirect – Demo
• XXE
• XXE – Demo