About the course
An introduction to the principles of secure coding for the web. This course focuses on the OWASP Top Ten vulnerabilities and how to protect against them. Learn with a mix of theoretical and hands-on content that will involve identifying and exploiting vulnerabilities.
The course covers web applications (internet, intranet or extranet) written in all languages.
- Gain an understanding of the principles of secure coding for the web
- Be familiar with common security vulnerabilities and how to prevent them
- Know how to look for security vulnerabilities
- Security standards
- Secure coding principles
- HTTP Security Headers
- Evil User Stories
OWASP Top 10
- A1 Injection
- A2 Broken Authentication and Session Management
- A3 Cross-Site Scripting
- A4 Insecure Direct Object References
- A5 Security Misconfiguration
- A6 Sensitive Data Exposure
- A7 Missing Function Level Access Control
- A8 Cross-Site Request Forgery
- A9 Using Components with Known Vulnerabilities
- A10 Unvalidated Redirects and Forwards
- Developers, Architects, Administrators and Technical Testers.
- Less technical but interested participants are welcome, although they will get the most out of the course if they can attend with a technical colleague to share the lab work.
A good understanding of how a typical web application works and knowledge of at least one web language.