Web Application Security

OWASP Top 10 and Threat Modeling

Description

Web security is an ever-changing landscape. Protect your infrastructure and your sensitive data with this 1-day workshop. We'll start with the theory behind application hardening. We will then go through a multitude of common vulnerabilities, along with concrete examples and solutions in your target programming language. We'll finish with an interactive risk assessment session.

Objectives

  • Avoid common coding vulnerabilities.
  • Identify security threats to your own applications.

Prerequisites

  • Experience in Web development

Programme

  • Application hardening basics.
  • Injection flaws.
  • Broken authentication.
  • Sensitive data exposure.
  • XML External Entities.
  • Broken access control.
  • Security misconfiguration.
  • Cross-site scripting.
  • Insecure deserialization.
  • Using components with known vulnerabilities.
  • Insufficient logging & monitoring.
  • Buffer overflows.
  • Insecure cryptographic storage.
  • Insecure communications.
  • Improper error handling.
  • Cross-site request forgery.
  • Vulnerability identification and classification.

This training helps satisfy the following PCI DSS requirements:

  • 6.5.a: Examine software-development policies and procedures to verify that up-to-date training in secure coding techniques is required for developers at least annually, based on industry best practices and guidance.
  • 6.5.b: Examine records of training to verify that software developers receive up-to-date training on secure coding techniques at least annually, including how to avoid common coding vulnerabilities.
  • 12.6.1.b: Verify that personnel attend security awareness training upon hire and at least annually.