AppSec for Developers

Course Details

What you will learn

This course uses a Defense by Offense methodology based on real world offensive research (not theory). That means everything we teach has been tried and tested on live environments and in our labs, so you can put it into practice as soon as the training is over. By the end of the course, you’ll know:

• Everything you need to about application security vulnerabilities, including why they occur, how they impact your applications, and what risk they pose to the wider organization
• The principles of application security and Secure by Design thinking
• How to develop secure applications, from writing secure code to building and governing secure processes
• How to find and fix vulnerabilities in existing application code
• How to build and maintain a culture of security across the team using secure practices and tools

What you will be doing

You’ll be learning hands on:

• Hacking insecure code to see what vulnerabilities look like in your applications
• Fixing these vulnerabilities so you can secure your own application.
• Discussing the functionality requirements of secure application development so you can design security into everything
• Applying real world case studies to your development thinking
• Competing in a timed, fast-paced Capture the Flag (CTF) game to test your new skills

You will receive:

• Certificate of completion
• 24 hours’ lab access post-course completion (with the opportunity to extend)
• 8 Continuing Professional Education (CPE) credits awarded per day of training fulfilled
• Learning pack, including question & answer sheets, setup documents, and command cheat sheets

What you can take away from the course:

• Practical application security skills and knowledge to use daily
• Techniques and tools to help you code securely by second nature
• DevSecOps awareness to help you transform your dev practices from the ground up

Why it is relevant

Have you ever developed an application without testing the code for vulnerabilities or shipped software with known security flaws? Software has become a frontline target for cybercriminals who want to disable, disrupt, and destroy systems and harm individuals. And some of the most newsworthy hacks in recent years – including credit reporting agency Equifax, telecommunications giants T-Mobile and Optus, and even the Shanghai Police – have been the result of vulnerabilities in application code. From customer data being stolen, to entire organizations going offline, secure code matters.

There are other reasons to develop your ability too. As security becomes more embedded in the way we work, employers are increasingly looking for development specialists who can demonstrate technical application security skills all the way up to CTO level. Secure coding proficiency directly correlates with your growth and career progression and can lead you into new areas.

This course is packed full of exercises and topics relevant to the current threat landscape and the latest industry-standard development systems and processes. Our syllabuses are also revised regularly to reflect the latest in-the-wild hacks and whatever proof of concepts we’ve been developing through our own research. Because they remain so up to date with the threat landscape and security industry standard, many delegates return every 1-2 years to update their skills and get a refresh.

Details of the course content:

Course highlights

What delegates love:

• Offensive angle: you’ll learn from practicing penetration testers and red teamers with up to date, working knowledge of the latest and most common software hacks.
• Multiple mitigations:for every vulnerability covered, you’ll explore 3 to 4 remediations, helping you develop a versatile, relevant approach.
• Focus on awareness and process as well as code: you’ll learn the principles behind the practical approach.
• Browser based: the course is fast to set up, requiring a single installation of Burp Suite
• Individual access: you’ll have your own infrastructure to play with, enabling you to try out secure coding and mitigation techniques independently, at your own pace.
• Real-world learning: in an industry where most of the leading cybersecurity training courses are based on theory, our scenario-led, research-based approach ensures you learn how real threat actors think and act.

Outcomes for budget holders

This course is designed to help organizations upskill their development team in response to evolving cyber risk, helping senior decision makers:

• Manage the likelihood and impact of security incidents originating from insecure code and development practices
• Lower the cost of retrofitting security into existing applications and workflows and totally eradicate this need going forward
• Lower costs by managing code reviews and remediation internally
• Develop the organization’s competitive advantage for security-conscious customers
• Nurture and retain highly skilled, security conscious employees
• Demonstrate commitment to security through training and change management