Web Application Security
OWASP Top 10 and Threat Modeling
Web security is an ever-changing landscape. Protect your infrastructure and your sensitive data with this 1-day workshop. We'll start with the theory behind application hardening. We will then go through a multitude of common vulnerabilities, along with concrete examples and solutions in your target programming language. We'll finish with an interactive risk assessment session.
- Avoid common coding vulnerabilities.
- Identify security threats to your own applications.
- Experience in Web development
- Application hardening basics.
- Injection flaws.
- Broken authentication.
- Sensitive data exposure.
- XML External Entities.
- Broken access control.
- Security misconfiguration.
- Cross-site scripting.
- Insecure deserialization.
- Using components with known vulnerabilities.
- Insufficient logging & monitoring.
- Buffer overflows.
- Insecure cryptographic storage.
- Insecure communications.
- Improper error handling.
- Cross-site request forgery.
- Vulnerability identification and classification.
This training helps satisfy the following PCI DSS requirements:
- 6.5.a: Examine software-development policies and procedures to verify that up-to-date training in secure coding techniques is required for developers at least annually, based on industry best practices and guidance.
- 6.5.b: Examine records of training to verify that software developers receive up-to-date training on secure coding techniques at least annually, including how to avoid common coding vulnerabilities.
- 12.6.1.b: Verify that personnel attend security awareness training upon hire and at least annually.