Security testing techniques search applications for vulnerabilities or security holes. These vulnerabilities leave applications open to exploitation. Ideally, security testing should be implemented throughout the entire software development life cycle (SDLC) so that vulnerabilities may be addressed in a timely and thorough manner. Unfortunately, testing is often conducted as an afterthought at the end of the development cycle.
About this workshop
Traditionally, security has been handled with a large focus on the network. Security budgets are allocated to defenses that are understood, not defenses that reduce the most risk. Many people understand what a firewall does but the problem is that a firewall will only mitigate certain threats. With the rise of service-oriented architecture and the fact that more and more data is moving through port 80, the threat of a weak application is huge no matter how many firewalls you put in front of it. Making security part of the software development life cycle (SDLC) reduces risk and provides strategic advantage.
The entire training is driven by hands-on exercises and case studies to ensure that all aspects have a real-life scenario-based approach. Each participant will be provided with fully configured machines with all the tools and test images loaded.
Benefits
On completion of this course, participants will have a better understanding of:
- Application security attacks
- Primary risks facing web applications
- Secure coding practices
- Securing application design
- How to check application security via in-house security testing
- How to effectively include application security in your SDLC
Who should attend
This course is meant for professionals responsible for developing and testing applications:
- Software Developers (J2EE/ASP.NET)
- Design Architects
- Software Testers
- Security Auditors
- Security Architects
- Program Managers
- Security Consultants
Course Outline
Day 1
- Need for focusing on Application Security
- Industry Trends & Compliance Requirements for Application Security
- Web Application Security Fundamentals
- Common Web Application Security Threats & Countermeasures (Demo or Case Study)
- Secure Coding Guidelines & Principles (J2EE or ASP.NET)
Day 2
- How to build a secure design - Threat Modeling (Case Study)
- Risk Estimation & Risk Mitigation Assurance
- OWASP Top 10 Flaws (Demos & Case Study)
- How to do Security Testing - Tools & Strategy
- Aligning Application Security in SDLC