Advanced application security
Security issues in modern web applications.
The goal with this course is to give attendees a comprehensive understanding of security in modern web applications with thick clients, HTML5 and other
In this course we explore security for web applications beyond the OWASP Top Ten. Modern web applications have fundamentally different structures than the traditional three-tier architecture, and these new paradigms bring new problems and with them new security considerations. We give attendees a comprehensive understanding of security in modern web applications.
This course covers topics such as traditional vs. modern web application security, vulnerabilities and remedies, secure development practices and penetration testing. The course ends with a full-fledged CTF-style competition between course attendees. Attendees are expected to have a fair understanding of the OWASP Top Ten vulnerabilities and modern web development.
- Application Developers
- Application Security Personnel
- Software Architects
The course comprises seven modules with workshops and hands-on activities.
Module 1: Introduction
- Why web application security still matters
Module 2: Attacks against thick clients
- Traditional web application security vs. security in thick clients
- Advanced injection techniques
Module 3: Beyond injection attacks
- Understanding and exploiting advanced vulnerabilities
- Cross-Site Request Forgery, JSON hijacking, XXE
Module 4: Lab session
- Practical exercises in a vulnerable web application
Module 1: Why penetration test?
- Why do we use penetration tests
- The methodology of a penetration test
- Software Development Lifecycle
Module 2: Penetration testing in practice
- Live demo of a penetration test
- Tools, techniques and reporting methodology
Module 3: Capture the Flag Tournament
- Pitting attendees against each other in a CTF-style security challenge
Module 1: Introduction
• What is OWASP?
• Attacks and problems in modern web applications
Module 2: Code standards and methodology
• OWASP Top 10
• OWASP Testing Guide v4
• Reporting methodology
Module 3: Tools of the trade
• Burp Suite and other Proxies
• SoapUI and integration with other tools
Module 4: Putting it all together
• Planning & Scope
• Simulated Testing Engagement
• Reporting and follow-up
Jonas Magazinius, Ph.D. Jonas Magazinius is a security researcher who spans security in both theory and practice. He holds a PhD in Computer Science with a focus on web application security.
This course is a cooperation between Assured and Nohau Solutions AB.
14 300:- excl. VAT
Course coordinator: Thomas Stjern
+46(0)708 100 559