Web Application Secure Coding

To understand the most common Web Application security issues in depth, and how to prevent them, attendees will exploit an intentionally vulnerable Web Application, review the vulnerable source code, draft the fixes required to mitigate the vulnerabilities, and discuss existing solutions that address the most common security risks.
Training sessions are delivered by a security practitioner and OWASP project co-leader.

Target Audience

Front-end and back-end developers, DevSecOps, and Pentesters.

Training Program

Part 1

  • Introduction to the Open Web Application Security Project (OWASP) and the OWASP Top 10 project
  • The HTTP protocol and how Web Applications work on top of it

Part 2

For each of the ten most common Web Application security risks (according to the OWASP Top 10):

  • Exploit the vulnerability
  • Perform secure code review
  • Draft required fix
  • Discuss existing solutions to detect and mitigate the risk

What You’ll Learn

  • Relevant OWASP projects and how to use them to write secure code
  • HTTP protocol fundamentals and how Web Applications work on top of it
  • In-depth knowledge of the ten most common Web Application security risks
  • How threat agents exploit Web Application vulnerabilities: tools and techniques
  • How to perform secure code review
  • How to avoid the most common Web Application security vulnerabilities

What are you waiting for? Get in touch to schedule your training session.

Location

In person / Online


Duration

8 Hours

Group Size

Individual / Up to 10 persons


Value

On request


Instructor

Paulo Silva

Paulo holds a bachelor's degree in Computer Sciences and has 15+ years of experience developing software. For the last 8+ years, he has focused on security research, ethical hacking, and penetration testing. He is a long-term OWASP volunteer and project leader, and one of those responsible for the OWASP API Security Top 10. He has authored or co-authored several secure coding practices manuals, such as the OWASP Go Secure Coding Practices and the Kotlin Secure Coding Practices guide.