AppSec for Developers

Course Details

What you will learn

This course teaches STRIDE methodology, by studying several vulnerable application designs and then try to envision how the application can be compromised. Once identified, we deep dive into the example code where the vulnerability exists and then implements the best secure solution to the application. We also run attacks on the vulnerable application using real world hacking tools and techniques to broaden developer mindset.

By the end of the course, you’ll know:

• Everything you need to do about application security vulnerabilities, including why they occur, how they impact and what risk they pose to the wider organization
• Threat modelling principles and Defense in depth thinking
• How to assess the source code to identify the vulnerable pattern
• How to write effective mitigation against the vulnerability
• How to manage security requirements for Agile tools
• How to build and maintain a culture of security across the team using secure practices and tools

What you will be doing

You’ll be learning hands on:

• Threat modelling a full application one feature/section at a time
• Brainstorming possible solutions to insecure design
• Perform attacks on 10+ vulnerabilities using real world tools and live environment
• Understanding insecure code in applications
• Fixing these vulnerabilities so you can secure your own application.
• Discussing the security requirements for application development
• Competing in a fast-paced Capture the Flag (CTF) game

What you will get:

• Certificate of completion
• 24-hour lab access post-course completion (with the opportunity to extend)
• 8 Continuing Professional Education (CPE) credits awarded per day of training fulfilled
• Learning pack, including question & answer sheets, setup documents, and command cheat sheets

Why it is relevant

Have you ever developed an application without testing the code for vulnerabilities or shipped software with known security flaws? Software has become a frontline target for cybercriminals who want to disable, disrupt, and destroy systems and harm individuals. And some of the most newsworthy hacks in recent years – including credit reporting agency Equifax, telecommunications giants T-Mobile and Optus, and even the Shanghai Police – have been the result of vulnerabilities in application code. From customer data being stolen, to entire organizations going offline, secure code matters.

There are other reasons to develop your ability too. As security becomes more embedded in the way we work, employers are increasingly looking for development specialists who can demonstrate technical application security skills all the way up to CTO level. Secure coding proficiency directly correlates with your growth and career progression and can lead you into new areas.

This course is packed full of exercises and topics relevant to the current threat landscape and the latest industry-standard development systems and processes. Our syllabuses are also revised regularly to reflect the latest in-the-wild hacks and whatever proof of concepts we’ve been developing through our own research. Because they remain so up to date with the threat landscape and security industry standard, many delegates return every 1-2 years to update their skills and get a refresh.

Course Syllabus

Our syllabuses are updated frequently to reflect new vulnerabilities and exploits.

Course highlights

What delegates love:

• Defensive coding:the ability to write code with security focus
• Offensive angle: you’ll learn from practicing penetration testers and red teamers with up to date, working knowledge of the latest and most common software hacks.
• Threat modeling:You’ll learn how to assess insecure application design
• Multiple mitigations:for every vulnerability covered, you’ll explore 3 to 4 remediations, helping you develop a versatile, relevant approach.
• Focus on awareness and process as well as code: you’ll learn the principles behind the practical approach.
• Browser based: the course is fast to set up, requiring a single installation of Burp Suite
• Individual access: you’ll have your own infrastructure to play with, enabling you to try out secure coding and mitigation techniques independently, at your own pace.
• Real-world learning: in an industry where most of the leading cybersecurity training courses are based on theory, our scenario-led, research-based approach ensures you learn how real threat actors think and act.

Outcomes for budget holders

This course is designed to help organizations upskill their development team in response to evolving cyber risk, helping senior decision makers:

• Create security requirements for projects that in planning phase using Threat modelling
• Manage the likelihood and impact of security incidents originating from insecure code and development practices
• Lower the cost of retrofitting security into existing applications and workflows and totally eradicate this need going forward
• Lower costs by managing code reviews and remediation internally
• Develop the organization’s competitive advantage for security-conscious customers
• Nurture and retain highly skilled, security conscious employees
• Demonstrate commitment to security through training and change management