
Application Security Essentials Training

Learn about how application vulnerabilities work, and how to fix them.

Training Objective and Course Overview

The workshop focuses on Core Application Security principles aimed at Product Developers, Architects, Program Managers and Testers. The workshop aims to equip the trainees with platform and technology agnostic remediation strategies against application security vulnerabilities. 

What will attendees learn?

In addition to the updated concepts of the OWASP Top 10, the workshop is replete with real-world case studies, demonstrations and hands-on exercises. The modules are designed to drive home the concept of building applications securely - irrespective of technology and platform.

Course Agenda

  • Deep-Dive Understanding of Injection Flaws like SQL Injection, Command Injection, Server-Side Template Injection and others
  • Perform SQL Injection Attacks like a real-world adversary with the Cloud Labs and learn how it works
  • Defend a real application against SQL Injection with our Cloud Labs
  • Learn to Attack Server-Side Template Injection like a real attacker with hacker tools in our Cloud Labs
  • Learn multiple types of defence against Server-Side Template Injection in our Cloud Labs
  • Understand how Cross-Site Scripting happens with a deep understanding of Browser Security Controls and Same-Origin Policy
  • Explore a history of Cross-Site Scripting attacks against real-world applications and how those attacks shaped modern web security
  • Learn the different types of Cross-Site Scripting (XSS) Attacks and how they can be leveraged against your application's users
  • Perform Cross-Site Scripting Attacks against real-world applications in our Cloud Labs
  • Learn to defend against Cross-Site Scripting with Output Escaping and different approaches to Output Escaping in our Cloud Labs
  • Learn how you can leverage the browser in your fight against XSS with Content-Security-Policy 
  • Learn the dangers of XXE and how attackers leverage it to gain complete access to your application and its hosting environment
  • Learn to perform XXE attacks against a real-world application with our Cloud Labs
  • Learn to defend against XXE with a real-world application, with our Cloud Labs
  • Learn the dangers of Insecure Deserialization and how attackers leverage it to gain complete access to your application and its hosting environment
  • Learn to perform Insecure Deserialization attacks against a real-world application with our Cloud Labs
  • Learn various approaches to defend against Insecure Deserialization Flaws
  • Learn about Input Validation and how it can be leveraged against several classes of Application Vulnerabilities
  • Learn various approaches to Input Validation with a real-world view of Input Validation with our Cloud Labs
  • Learn how you can do effective validation of JSON Request Payloads for your REST API or Web Application
  • Learn about Session Management for Web Applications and how attackers leverage flaws with Session Management Implementation
  • Learn about Session Fixation and Session Hijacking Flaws against a real-world application with our Cloud Labs
  • Learn about Security Attributes for Session Implementation for a real-world application with our Cloud Labs
  • Learn an Attacker's Perspective by cracking insecurely protected passwords using popular hacker tools
  • Learn how to effectively protect User Passwords with Key Stretching Algorithms
  • Learn about Authorization Flaws and how they are different from Authentication Flaws
  • Perform Authorization Bypasses using Insecure Direct Object Reference Attacks against a real-world application, with our Cloud Labs
  • Learn about Access Control Defence with Access Control Models
  • Implement an "Access Control List" model of Authorization for a real-world application with our Cloud Labs
  • Implement "Role Based Access Control" for a real-world application with our Cloud Labs
  • Learn the nuances of Cryptography, One-way Hashing and Key-Stretching
  • Learn, with our Cloud Labs, modes of encryption and some examples of weak encryption
  • Implement Good Key Management Practices for a real-world application with our Cloud Labs
  • Learn why Security Logging is an extremely underrated control for web application security
  • Implement Structured Security Logging for a real-world application with our Cloud Labs
  • Learn about the different techniques to test your own applications for security 
  • Identify Security issues with your code with SAST (Static Application Security Testing)
  • Perform a SAST assessment against a real-world application's codebase with Open-Source SAST tools
  • Identify Vulnerabilities with Third-Party Libraries that you use with Source Composition Analysis (SCA)

This is one of the best trainings I've done regardless of price or location

- Marc Armstrong, VGW

I think this was a fantastic training especially in terms of the quality of the labs. I've done a lot of different InfoSec trainings and the labs are usually a little haphazard. The labs in this training were structured in such a way that we could take this data and the labs themselves and keep working on the concepts discussed.

The class really exceeded my expectations

- Vedusha Chooramun, CBA and Bankwest Perth

I was expecting the course to be too basic, but after getting some hands-on practice with the material I think it was really worth it; in fact, I felt the class enhanced the skills I already had. I'm taking away a lot of new techniques, new material which I can embed into my company. The trainer has been really great.

Conference Features

Our Application Security and Cloud Security programs are a regular feature at marquee application security conferences across the world.

Frequently Asked Questions

Is this training specific to any programming language?

No. The training has been designed to be beneficial to product teams across the globe irrespective of the tech stack they use. All the vulnerability remediation assistance and best practices in application security imparted in the training are agnostic of platform or technology.

What level of existing security awareness is required for the audience?

This course is aimed at facilitating cross-skill development across the engineering community like developers, architects or QA teams. Hence attendees are not expected to have any prior understanding of security.

What would be some tangible takeaways from this training on a short to medium term basis?

The core objective of this course is to help engineering teams develop secure applications. Attendees will be given a detailed understanding of how vulnerabilities are exploited in the wild along with best practices that aid in secure application development.

Dates Coming Soon!

Web Application Security Essentials

2 Days
(14 Hours)

$850
