About the course
This one-day course provides an introduction to the principles of secure coding for the web with a focus on the OWASP Top Ten vulnerabilities and how to protect against them. This course is a mix of theoretical and hands-on content that will involve identifying and exploiting vulnerabilities.
The course is designed to cover web applications (internet, intranet or extranet) in a language-agnostic manner.
At the end of the course, attendees should have:
- Gained an understanding of the principles of secure coding for the web
- An appreciation for common security vulnerabilities and how to prevent them
- Knowledge of how to look for security vulnerabilities
- Security standards
- Secure coding principles
OWASP Top 10
- A1 Injection
- A2 Broken Authentication and Session Management
- A3 Cross-Site Scripting
- A4 Insecure Direct Object References
- A5 Security Misconfiguration
- A6 Sensitive Data Exposure
- A7 Missing Function Level Access Control
- A8 Cross-Site Request Forgery
- A9 Using Components with Known Vulnerabilities
- A10 Unvalidated Redirects and Forwards
Developers, Architects, Administrators & Technical Testers.
Less technical but interested participants are welcome, although they will get the most out of the course if they can attend with a technical colleague to share the lab work.
A good understanding of how a typical web application works and knowledge of at least one web language.