Application security testing (also known as whitebox testing) as an activity tends to capture security vulnerabilities at the end of the SDLC, which is often too late to influence fundamental changes in the way code is written.
If you are a developer who requires mitigation strategies or fails to understand issues like Cross-Site Scripting, XML External Entity attacks, deserialization issues, Content Security Policy and many more application security vulnerabilities and their remediation, then this class is for you!
If you are a manager responsible for handling a development team and would like to give it a good dose of security knowledge so that you can avoid application security bugs in your code, then you are at the right place!
If you are a DevOps engineer wondering how to automate security into your pipeline, then this course will teach you how to metamorphose your DevOps into DevSecOps. If you would like to avoid breaches like that of Equifax in September 2017, then sign up now!
Designed for Cloud Administrators, Developers, Solutions Architects, DevOps Engineers, SOC Analysts, Penetration Testers, Network Engineers, Security Auditors, security enthusiasts and anyone who wants to take their skills to the next level.
- Any person who wishes to learn about application security vulnerabilities and understand more about their impact
- Developers who create web applications in any language can attend
- Any technical person who has a basic knowledge of how web applications work or is responsible for implementing, managing or protecting web applications
- Any DevOps engineer looking to automate security
Delegates will learn how to:
- Obtain a hands-on introduction to application security vulnerabilities like Cross-Site Scripting, SQL Injection, XXE, and authentication and authorization flaws on our purposely built vulnerable web applications to help you understand the vulnerabilities better, thereby enabling you to defend your organization’s website or assets
- Identify application security bugs in code and fix them before deploying the code into production
- Identify vulnerable libraries and avoid their usage
- Develop secure web applications so that you don’t waste time later fixing security issues
- Understand the methodology that can be used to automate and integrate security
- Understand what application security vulnerabilities are and their trends
- Gain an insight into their impact through practical demonstrations
- Learn how to fix/avoid them by discussing various strategies, best practices, code snippets and tools
- Learn how to inject security into your DevOps pipeline to automate security and develop a DevSecOps pipeline
- Application Security Basics
- Understanding HTTP protocol
- Security Misconfigurations
- Insufficient Logging and Monitoring
- Authentication Flaws
- Authorization Bypass
- Cross Site Scripting (XSS)
- Cross Site Request Forgery (CSRF)
- Server-Side Request Forgery
- SQL Injection
- XML External Entity (XXE) Attacks
- Insecure File Uploads
- Deserialization Vulnerabilities
- Client-Side Security
- Source Code Review
- Introduction and overview of DevOps
- What and Why of DevSecOps?
- Integrating Security in CI/CD
- Vulnerability Management using ArcherySec
- Secret Management using Vault, Jenkins and Docker Secrets
- Security in Developer Workstations: Pre-Commit Hooks using Talisman
- Software Composition Analysis using Dependency-Checker
- SAST – Static Application Security Testing using FindSecBugs
- DAST – Dynamic Application Security Testing using ZAP
- Security in Infrastructure as Code using Clair
- Automated Vulnerability Assessment using OpenVAS
- Compliance as Code using InSpec
- Monitoring and Feedback using ModSecurity WAF
- DevSecOps in AWS
- Challenges in DevSecOps
- DevSecOps Enablers