
Application Security for Developers
A 2-day course designed to teach students the nature of common application design and implementation vulnerabilities and provide guidance on techniques, tools and methodologies that improve the security of developed code.
The course gives technical staff who are not security specialists an overview of how to approach and consider application security. Where application developers have exposure to this type of training, we see a significant improvement in the security controls they implement in code and a general reduction in application vulnerabilities found during application tests.
Learning Objectives
- Identifying the application security architecture
- Identifying application assets
- Considering threats
- Web application vulnerabilities
- SQL injection
- Cross-Site Scripting
- Insecure session control and cookie handling
- Poor access control
- Database insecurities
- Defensive Programming
- Coding to avoid vulnerabilities
- Addressing vulnerabilities retrospectively
- Enabling secure development
Course Audience
The course is recommended for those involved in web application development and architecture. It is expected that all students will have familiarity with software development, particularly web application development. Specific platform and language requirements are not applicable as this course focuses on security rather than any specific technology.