The techniques discussed in this class are mainly focused on .NET and Java technologies owing to their huge adoption in various enterprises in building web applications. However, the approach is generic and developers from other language backgrounds can easily grasp and implement the knowledge learnt within their own environments.
This class is ideal for:
- Software/Web Developers,
- PL/SQL Developers,
- Penetration Testers,
- Security Auditors,
- DBAs and Security Managers.
N.B. This course meets the requirements of the PCI-DSS standard, specifically the mandated requirement 6.5:
- Prevent common coding vulnerabilities in software development processes by training developers in secure coding techniques and developing applications based on secure coding guidelines - including how sensitive data is handled in memory.
Delegates will use labs which are purposely riddled with multiple vulnerabilities. Delegates will receive demonstrations and hands-on practice of the vulnerabilities to better understand and grasp the issues, followed by various techniques and recommendations on how to go about fixing them. While the course covers industry standards such as OWASP Top 10 and common security issues, it also covers real-world issues like various Business Logic and Authorisation flaws.
- Covers latest industry standards such as OWASP Top 10 with practical demonstrations of vulnerabilities complemented with Hands-on Lab practice
- Insight into the latest security vulnerabilities such as Host Header Injection, XML Entity Injection, Web-Services and API Security
- Thorough guidance on the best security practices. Introduction to various Security Frameworks and tools and techniques for Secure Development
- References to a real-world analogy for each vulnerability. Understand and appreciate why Facebook would pay $33,000 for an XML Entity Injection vulnerability
A highly-practical class that targets web developers, pen testers, and anyone else wanting to write secure code, or audit code against security flaws. The class covers a variety of the best security practices and in-depth defense approaches which developers should be aware of while developing applications. The class also covers some quick techniques which developers can use to identify various security issues throughout the code review process.