Advanced application security

Security issues in modern web applications.

The goal with this course is to give attendees a comprehensive understanding of security in modern web applications with thick clients, HTML5 and other 

DESCRIPTION

In this course we explore security for web applications beyond the OWASP Top Ten. Modern web applications are structured fundamentally differently from the traditional three-tier architecture. New paradigms bring new problems, and with them new security considerations. We give attendees a comprehensive understanding of security in modern web applications.

This course covers topics such as traditional vs. modern web application security, vulnerabilities and remedies, secure development practices, and penetration testing. The course ends with a full-fledged CTF-style competition between course attendees. Attendees are expected to have a fair understanding of the OWASP Top Ten vulnerabilities and of modern web development.

    Participants

    - Application Developers
    - Application Security Personnel
    - Software Architects

    Content

    The course comprises seven modules with workshops and hands-on activities.

    Day 1

    Module 1: Introduction

    • Why web application security still matters

    Module 2: Attacks against thick clients

    • Traditional web application security vs security in thick clients
    • Advanced injection techniques

    Module 3: Beyond injection attacks

    • Understanding and exploiting advanced vulnerabilities
    • Cross-Site Request Forgery, JSON hijacking, XXE

    Module 4: Lab session

    • Practical exercises in a vulnerable web application

    Day 2

    Module 1: Why penetration test?

    • Why do we use penetration tests?
    • The methodology of a penetration test
    • Software Development Lifecycle

    Module 2: Penetration testing in practice

    • Live demo of a penetration test 
    • Tools, techniques and reporting methodology

    Module 3: Capture the Flag Tournament

    • Pitting attendees against each other in a CTF-style security challenge
    Module 1: Introduction
    • What is OWASP?
    • Attacks and problems in modern web applications

    Module 2: Code standards and methodology
    • OWASP Top 10
    • OWASP Testing Guide v4
    • Reporting methodology

    Module 3: Tools of the trade
    • Burp Suite and other Proxies
    • SoapUI and integration with other tools

    Module 4: Putting it all together
    • Planning & Scope
    • Simulated Testing Engagement
    • Reporting and follow-up

    Teacher

    Jonas Magazinius, Ph.D. Jonas Magazinius is a security researcher who works on security in both theory and practice. He holds a PhD in Computer Science with a focus on web application security.

    This course is a cooperation between Assured and Nohau Solutions AB.


    COURSE DATES

     Company specific

    SCOPE

    2 days

    LANGUAGE

    English

    Price

    14 300 SEK excl. VAT

    Contact

    Course manager: Thomas Stjern
    Thomas.Stjern@inceptive.se
    +46(0)708 100 559