AppSec for Developers

1,125.00 + VAT

Days: 2
Duration: 14 hours
Next date: 29/03/2021 to 30/03/2021
Area: Cybersecurity
Associated certification: N/A
Location: Lisboa and Porto

*Course available as Live Training

REF: NSSAfD


Penetration testing (security testing) as an activity tends to capture security vulnerabilities at the end of the SDLC, when it is often too late to influence fundamental changes in the way the code is written.

This class has been written due to the increasing need for developers to code in a secure manner. It is critical to introduce security as a quality component into the development cycle. This class aims at educating developers about various security vulnerabilities through hands-on practice using our intentionally developed insecure web application built on the Microsoft .NET platform. Throughout this class, developers will be able to get on the same page with security professionals, understand their language, learn how to fix or mitigate vulnerabilities learnt during the class and also get acquainted with some real-world breaches, for example, the Equifax breach in September 2017 and application vulnerabilities from popular websites like Facebook, Google, Instagram, PayPal etc.

The techniques discussed in this class are mainly focused on .NET and Java technologies owing to their huge adoption in various enterprises in building web applications. However, the approach is generic and developers from other language backgrounds can easily grasp and implement the knowledge learnt within their own environments.


This class is ideal for:
Software/Web Developers, PL/SQL Developers, Penetration Testers, Security Auditors, Administrators, DBAs and Security Managers.
Prior pen-test experience is not mandatory; however, some knowledge of cloud services and a familiarity with common command line commands will be beneficial.


Module 1.

  • Application Security Basics

Module 2.

  • Understanding the HTTP Protocol

Module 3.

  • Security Misconfigurations

Module 4.

  • Insufficient Logging and Monitoring

Module 5.

  • Authentication Flaws

Module 6.

  • Authorization Bypass Techniques

Module 7.

  • Cross Site Scripting (XSS)

Module 8.

  • Cross-Site Request Forgery (CSRF)

Module 9.

  • Server-Side Request Forgery (SSRF)

Module 10.

  • SQL Injection

Module 11.

  • XML External Entity (XXE) Attacks

Module 12.

  • Insecure File Uploads

Module 13.

  • Deserialization Vulnerabilities

Module 14.

  • Client-Side Security Concerns

Module 15.

  • Source Code Review

Module 16.

  • DevSecOps


The only requirement for this class is that you bring your own laptop with the latest version of Java (JDK) installed. Attendees will be provided with access to our online lab which has been built on the latest .NET ASPX framework and all the tools and materials required during the class.

Other dates

17/05/2021 to 18/05/2021