Secure Coding for Developers

Why bother?

Due to advancements in technology, applications tend to become ever more complex. Inevitably, this leads to a larger attack surface and more potential attack vectors. As such, when it comes to application development, it is important to be aware of the risks associated with insecure code and inadequate deployment. This course comprises real-world examples of how both common and obscure vulnerabilities may often be leveraged to wreak havoc on your application, as well as best-practice solutions for risk mitigation. It will illustrate how hackers break applications, and the tools involved in the process.

The course will be carried out as a seminar: even though the program consists of several sections, the attendees will have a chance to ask questions and discuss any experiences. While a large portion of the course is based on OWASP guidelines, it also includes some uncommon vectors of attack and touches upon API security. The program may change depending on your needs and will include at least the following:

  • An introduction to the security testing process;
  • OWASP in practice:
  • Authentication and session management;
  • Injections and data validation;
  • XSS;
  • Direct access to resources;
  • Common misconfigurations;
  • Sensitive data disclosure;
  • Authorization schema integrity;
  • CSRF vulnerabilities;
  • Open source issues;
  • Insufficient validation of redirects;
  • Public information;
  • API security.

What's in it for me?

In this course, we will introduce your team to the most common vulnerabilities found in application security. We will explain them from the security point of view - namely, how security testing is carried out, what tools are used for this process and how to use them on an introductory level. We will use real-world examples to talk about actual cases in which a small bug may be leveraged for malicious purposes in order to gain access or extract confidential data.

What are the benefits?

  • Improved understanding and awareness of application security and associated risks.
  • Improved understanding of the application security testing process.
  • Introduction to the security testing toolkit.
  • More secure code, potentially reducing the cost of development.
  • Improved customer satisfaction.

Let's manage.

We are happy to share our knowledge, experience and expertise. Let us know what you need, and we will contact you directly.