Introduction to Secure Web Coding

Course details

Duration: 1 day Cost: $760 (ex gst) To register email: training@catalyst.net.nz

About the course

An introduction to the principles of secure coding for the web. This course focuses on the OWASP Top Ten vulnerabilities and how to protect against them. Learn with a mix of theoretical and hands-on content that will involve identifying and exploiting vulnerabilities.

The course covers web applications (internet, intranet or extranet) written in all languages.

Attendees will:

• Gain an understanding of the principles of secure coding for the web

• Be familiar with common security vulnerabilities and how to prevent them

• Know how to look for security vulnerabilities.

Course Outline

• Security standards

• Secure coding principles

• OWASP Top 10

• A1 Injection

• A2 Broken Authentication and Session Management

• A3 Cross-Site Scripting

• A4 Insecure Direct Object References

• A5 Security Misconfiguration

• A6 Sensitive Data Exposure

• A7 Missing Function Level Access Control

• A8 Cross-Site Request Forgery

• A9 Using Components with Known Vulnerabilities

• A10 Unvalidated Redirects and Forwards

• HTTP Security Headers

• Evil User Stories

Target Audience

Developers, Architects, Administrators and Technical Testers.

Less technical but interested participants are welcome, although they will get the most out of the course if they can attend with a technical colleague to share the lab work.

Prerequisites

A good understanding of how a typical web application works and knowledge of at least one web language.