Course Outline
Web applications play a crucial role in the visible web. Organisations must have a web presence to conduct a variety of activities, which were once limited to internal networks or specific setups, but are now more internet-facing. Web applications hold far more control, data and power over an organisation then ever before. This is why we have designed a course that covers both the offensive and defensive aspects of web application security.
The course includes a comprehensive approach to web application security, covering both the offensive and defensive aspects. It includes code-assisted penetration testing, which is a method of testing the security of a web application by analysing the source code. It covers attack and defense techniques, as well as detection methods. Our course takes an exploratory approach, providing attendees with an environment to not only attack but also fix and test the resilience of the fix, giving them a well-rounded understanding of web application security.
Course Syllabus
Basics
- Security Development Life Cycle
- Setting up Application CI / CD Pipeline
- Basics of Threat Modelling
- Attack Surface mapping
Break
- Software supply chain
- Identity and Access Management
- Injection Attacks such as SQL, SSRF, SSTI, CSTI, XSS and more
- API
- Deserialization
Fix
- Adding Security to CI / CD
- Holistic security setup
- Protecting the supply chain
How to attend
Cyfinoid offers its trainings via multiple international conference. Details for the next class will be updated here.