A dive into application security in more detail, covering advanced concepts and topics. Continues from where Basics of web application security left off.
Meant for members of a development team who want to take their security understanding further and practice more advanced usage of penetration testing tools. The topics of the training are based on prior requests from attendees.
Duration
6h
Capacity
15–20 persons
For
Developers & testers
Example agenda
MORNING
Recap from Basics of web application security
Security layers
How different layers are used to secure a web application and its background services, and what types of vulnerabilities exist in different layers
Handling input
What are the typical pathways from which input comes to a system, and what to take into account when validating it
AFTERNOON
Exploit anatomy
Case examples of advanced exploits in modern technologies
Hands-on exercises
Discovering and exploiting common vulnerabilities in a realistic web application environment
Security controls
Ten security controls that every developer should know Wrapping up & next steps
The actual agenda is planned together in the kick-off meeting.
Feedback from attendees
“A well-balanced course, containing adequately hands-on exercises. Bonus for OSS tools that are available after the course!”
“Thanks for the course! The hands-on approach was good for the ’gut feeling’ of what cyber security vulnerabilities can be causing.”
“Very nice training! The trainer was clearly a professional and conveyed the topics clearly and understandably. The hands-on parts were interesting and provided concrete insights.”
Sertifioitu ja asiantunteva kumppani
Silverskin is a CREST certified penetration testing service provider. Continuous learning, etc.
