Building a secure web application in Java is an extremely difficult challenge. While Java EE is a fantastic platform for building critical applications, there is little support for preventing flaws like the OWASP Top Ten, including Cross-Site Scripting (XSS), SQL injection, Request Forgery, Broken Authentication and Authorization, and much more. This course teaches participants how to identify, diagnose, and fix all of these very common issues. In this course, participants will perform hands-on security testing and code review on web applications to find these kinds of flaws, and they will learn and apply efficient and effective approaches for eliminating or avoiding these vulnerabilities in Java applications. This course is intended for anyone writing Java EE applications. You’ll learn by actually finding problems using code review and application penetration testing techniques in a full Java EE application that is riddled with holes. We’ll design and implement fixes to many of these vulnerabilities in an Eclipse-based development environment, and then retest the application with security tools to verify that the problem has been eliminated. The course ends with a fun three-stage challenge designed to drive home the key lessons from the training. This course goes way beyond the finding and exploiting of vulnerabilities. Participants will learn about the security controls that developers should use to avoid these issues. Understanding how security is supposed to work is the greatest tool you can possibly have for finding security problems.
Training developers on secure coding practices offers one of the highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect’s .NET Secure Coding Training raises developer awareness of application security issues and provides examples of ‘what to do’ and ‘what not to do’. All examples and exercises are available in both C# and VB.NET. Please specify which version best suits your organization. The class is led by an experienced developer and is delivered in a very interactive manner. This class includes hands-on exercises where the participants get to perform security analysis and testing on a live .NET web application. This specially designed environment includes deliberate flaws the participants have to find, diagnose, and fix. The class also uses .NET coding exercises to provide participants with realistic hands-on secure coding experience. Participants gain hands-on experience using freely available web application security test tools to find and diagnose flaws and learn to avoid them in their own code.
Web application vulnerabilities continue to place our global computing infrastructure at risk. In this course, participants will perform hands-on security testing on live web applications to find common vulnerabilities and will learn efficient and effective approaches for eliminating or avoiding these vulnerabilities in their own web applications. Participants will learn how to diagnose all of the OWASP Top Ten web flaws, including Cross-Site Scripting (XSS), SQL Injection, Cross-Site Request Forgery, Broken Authentication and Authorization, and much more. The course is designed primarily for software developers and testers, but anyone with an interest in web application security will be able to use the tools provided and learn to find and diagnose holes in a real web application. Each participant receives a CD with an application security learning environment and a number of specialized tools. The course culminates with a fun three-stage challenge designed to drive home the key lessons from the training. This course goes way beyond just finding and exploiting vulnerabilities. Participants will also learn about the security controls that developers can use to solve these issues. Understanding how security is supposed to work is the greatest tool you can possibly have for finding security problems.
Mobile applications enable new threats and attacks that introduce significant risks to the enterprise, and many custom applications contain significant vulnerabilities that are unknown to the team that developed them. Considering that the number of mobile applications available in Google Play and the Apple App Store is nearing 1.5 million, and that vulnerabilities are skyrocketing, it is imperative to perform typical application security practices. But how is mobile different? This one-day, hands-on course enables participants to understand how easily mobile devices and applications can be successfully attacked. They will learn how to identify, avoid, and remediate common vulnerabilities by learning critical security areas such as those identified in the OWASP Top Ten Mobile Risks and Controls. Using state-of-the-art testing tools, participants will learn how to secure mobile applications across the enterprise. Participants will be able to choose from iOS or Android hands-on labs throughout the course, while they learn how easily the bad guy can compromise applications and the data they contain.
It is impossible to build a secure web application without conducting thorough application security testing. This course brings the techniques of security testing to software testing professionals. Aspect’s Testing Web Application Security training raises tester awareness of application security issues and provides practical techniques for testing for these problems. The class is based on Aspect’s years of application security testing experience and is led by an experienced application security practitioner. This class includes hands-on exercises where the participants get to apply their knowledge on real vulnerabilities in an actual live web application. This specially designed environment includes deliberate flaws the participants have to find and diagnose. Participants gain hands-on testing experience with freely available web application security test tools to find and diagnose flaws and learn to identify them in their own projects.