Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
Introduction to Application Security
- The importance of application security in modern software development.
- Overview of common cyber threats and attack vectors.
- Understanding security risks in web and mobile applications.
Secure Software Development Lifecycle (SDLC)
- Integrating security into every phase of development.
- Threat modeling and risk assessment.
- Automated security testing in CI/CD pipelines.
Understanding Common Security Vulnerabilities
- Introduction to OWASP Top 10 security risks.
- Typical coding flaws that lead to vulnerabilities.
- Exploiting insecure applications (hands-on exercises using DVWA/WebGoat).
Input Validation and Secure Coding Practices
- Preventing SQL injection, cross-site scripting (XSS), and command injection.
- Best practices for input sanitization and validation.
- Implementing secure authentication and authorization mechanisms.
Session Management and Data Protection
- Managing session security: best practices for cookies, tokens, and JWT.
- Data encryption techniques and secure storage methods.
- Secure API development and protection against API abuses.
Security Testing and Vulnerability Assessment
- Using OWASP ZAP and Burp Suite for security testing.
- Static and dynamic application security testing (SAST/DAST).
- Penetration testing fundamentals for developers.
Implementing Secure DevOps (DevSecOps)
- Security automation within DevOps workflows.
- Container security and securing cloud applications.
- Incident response and security monitoring.
Summary and Next Steps
- Key takeaways from the course.
- Resources for further learning.
- Q&A and closing remarks.
Requirements
- Basic knowledge of any programming language.
- Experience in application development.
Audience
- Software developers.
- Application security engineers.
- DevOps and security teams.
21 Hours
Testimonials (1)
Lot's of information explained very well. Good examples, interesting exercises. Trainer showed us his real world experience.