Application Security
Image Application Security encompasses measures taken to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, or deployment of the application.

Security testing techniques scour for vulnerabilities or security holes in applications. These vulnerabilities leave applications open to exploitation. Ideally, security testing should be implemented throughout the entire software development life cycle (SDLC) so that vulnerabilities may be addressed in an appropriate manner. Unfortunately, testing is often conducted as an afterthought at the end of the development cycle.

About this workshop

Traditionally, security has been handled with a large focus on the network. Security budgets are allocated to defenses that are understood, not defenses that reduce the most risk. Many people understand what a firewall does but the problem is that a firewall will only mitigate threats at the network layer and not at the application layer.

With the rise of service-oriented architecture and the fact that more and more data is moving through port 80, the threat of a weak application is huge no matter how many firewalls you put in front of it. The workshop will help in understanding application security related controls in compliance standards like PCI-DSS, ISO 27001, SOX, etc. The entire training is driven by hands-on exercises and case studies to ensure all aspects have a real-life scenario-based approach.


On completion of this workshop, participants will get a better understanding of

  • Application security attacks
  • Primary risks facing web applications
  • Threat Modeling
  • Threat Profiling
  • OWASP Top 10
  • CWE Top 25
  • Black Box Testing
  • Secure Code Reviews

Who should attend

This workshop will significantly benefit professionals developing secure applications and evaluating application security.

  • Software Developer (J2EE/ASP.NET)
  • Software Developer (J2EE/ASP.NET)
  • Design Architect
  • IS / IT Specialist / Analyst / Manager
  • IS / IT Auditor / Consultant
  • Security Specialist / Analyst
  • Security Manager / Architect
  • Security Consultant / Professional
  • Security Officer / Engineer
  • Security Administrator
  • Security Auditor
  • Software Engineer / Tester
  • Project Lead / Manager

Participants are expected to have some knowledge of software application security testing.

Workshop Outline

  • Introduction to Application Security
  • Application Architecture
  • Security Development Lifecycle
  • Web Application Vulnerabilities
  • Understanding vulnerabilities practical hands-on using insecure web applications
  • Threat Modeling - Application Security Controls
  • Secure Coding Techniques
  • Latest trends and security threats
  • Significant OWASP Projects
  • Continuous security testing and assessments
Customer Feedback