Cursos

AppSec for Developers

1,125.00 +Iva

Dias: 2
Duração: 14 horas
Próxima Data: 08/03/2022 a 09/03/2022
Área: Cybersecurity
Certificação Associada:156-405 – Check Point Certified PenTesting Expert – AppSec for Developers (CCPE-A)
Local: Lisboa e Porto

*Curso disponível em Live Training

Quero inscrever-me
REF: NSSAfD Categoria: Etiqueta:

Descrição

Penetration testing (security testing) as an activity tends to capture security vulnerabilities at the end of the SDLC and then it is often too late to influence fundamental changes in the way the code is written.

This class has being written due to the increasing need for developers to code in a secure manner. It is critical to introduce security as a quality component into the development cycle. This class aims at educating developers about various security vulnerabilities through hands-on practice using our intentionally developed insecure web application built on Microsoft .NET platform. Throughout this class, developers will be able to get on the same page with security professionals, understand their language, learn how to fix or mitigate vulnerabilities learnt during the class and also get acquainted with some real-world breaches, for example, “The Equifax” breach in September 2017 and application vulnerabilities from popular websites like Facebook, Google, Instagram, Paypal etc.

The techniques discussed in this class are mainly focused on .NET and Java technologies owing to their huge adoption in various enterprises in building web applications. However, the approach is generic and developers from other language backgrounds can easily grasp and implement the knowledge learnt within their own environments.

Destinatários

This class is ideal for Web/API developers who work day-in-day out building full-stack web applications or web APIs. Anyone who is looking to develop a skillset into web application security and identify web application flaws can also benefit from this course. beneficial.

Programa

Module 1: Application Security Basics

  • Why do we need Application Security?
  • Understanding OWASP TOP 10 2017

Module 2: Understanding the HTTP Protocol

  • Understanding HTTP/HTTPS protocol
  • Understanding Requests and Responses – Attack Surface
  • Configure Burpsuite to intercept HTTP/HTTPS traffic

Module 3: Security Misconfigurations

  • Common misconfigurations in Web Applications
  • Sensitive Information exposure and how to avoid it
  • Using Softwares with known vulnerabilities

Module 4:Insufficient Logging and Monitoring

  • Types of Logging
  • Introduction to F-ELK

Module 5: Authentication Flaws

  • Understanding Anti-Automation Techniques
  • NoSQL Security
  • Understanding WebAuthn – Passwordless Authentication Framework

Module 6: Authorization Bypass Techniques

  • Securing JWT and OAuth
  • Local file Inclusion
  • Mass Assignment Vulnerability

Module 7: Cross-Site Scripting (XSS)

  • Types of XSS
  • Session Hijacking
  • Mitigating XSS

Module 8: Cross-Site Request Forgery Scripting

  • Understanding CSRF
  • Mitigating CSRF

Module 9: Server-Side Request Forgery (SSRF)

  • Understanding CSRF
  • Mitigating CSRF

Module 10: SQL Injection

  • Error and Blind SQL Injections
  • Mitigating SQL Injection
  • ORM Framework: HQL Injection

Module 11: XML External Entity (XXE) Attacks

  • Default XML Processors == XXE
  • Mitigating XXE

Module 12: Unrestricted File Uploads

  • Common Pitfalls around file upload
  • Mitigating File upload vulnerability

Module 13: Deserialization Vulnerabilities

  • What is Serialization?
  • Identifying Deserialization functions and deserialized data
  • Mitigation strategies for deserialization

Module 14: Client-Side Security Concerns

  • Understanding Same Origin Policy
  • Client-Side Security headers and their server configurations

Module 15: Source Code Review

  • What to check for Security in source code
  • CTF: A timed game to spot the flaws in the given Source
    Code samples

Module 16: DevSecOps

  • DevSecOps – What Why and How?
  • Case Study

Pré-requisitos

The only requirement for this class is that you bring your own laptop with the latest version of Java (JDK) installed. Attendees will be provided with access to our online lab which has been built on the latest .NET ASPX framework and all the tools and materials required during the class.

Outras datas

Consulte-nos!