Jardine Software


Fundamentals of Application Security

Are you challenged with creating secure applications? Do you want to learn the concepts of secure application development? This six-session course is for you. James Jardine breaks down many of the core security issues into their basic concepts in easy-to-follow lessons. He combines real-world examples with short demonstrations to identify the risks that security vulnerabilities present. This is not a class to teach you how to hack. It is designed to introduce students to the concepts of security and how to start embedding them into their day-to-day development activities.

Syllabus
Session 1: Intro to Application Security
• What is Application Security
• SQL Injection Demo
• AppSec Terms
• Why attackers attack
• Trust Boundaries
• OWASP
• Types of Testing
• What is a proxy
• Proxy Demo

Session 2: Injection
• Injection Overview
• Input Validation
• Output Encoding
• SQL Injection
• Cross-Site Scripting
• XSS – Demo

Session 3: Authentication / Authorization
• Authentication Introduction
• Multifactor/Security Questions/Forgot Password
• Authorization Introduction
• Direct Object Reference
• Direct Object Reference – Demo
• Multiple Authorization Demos

Session 4: Session Management / CSRF
• Intro to Session Management
• Cookie Security
• Session Identifiers
• Session Fixation
• Cross-Site Request Forgery
• Cross-Site Request Forgery – Demo

Session 5: Information Leakage / Logging
• Server Side Request Forgery
• Server Side Request Forgery – Demo
• What is Sensitive Data
• Data Classification
• Protecting data at rest and in transit
• Why Logging is important
• Types of data to Log
• Potential issues with logging

Session 6: Misconfiguration / Other
• Discuss common misconfiguration issues
• Understanding the current framework
• Identifying misconfigurations
• Open Redirect
• Open Redirect – Demo
• XXE
• XXE – Demo

Company Profile

Jardine Software Inc. was founded in 2002. Originally focused on software development, we now focus on helping development teams and … Read More...

Contact Us

Jardine Software Inc.
Email: james@jardinesoftware.com


© Copyright 2018 Jardine Software Inc. · All Rights Reserved