Ends on June 30
Whether you are an Architect, Developer, Pentester, Security or DevOps Engineer, or anyone with a need to understand and manage vulnerabilities in a Cloud environment, understanding relevant hacking techniques, and how to protect yourself from them, is critical. This course covers both the theory as well as a number of modern techniques that may be used to compromise various Cloud services and infrastructure.
Penetration testing (security testing) as an activity tends to capture security vulnerabilities at the end of the SDLC, when it is often too late to influence fundamental changes in the way the code is written.
This class has been written in response to the increasing need for developers to code in a secure manner. It is critical to introduce security as a quality component into the development cycle. This class aims at educating developers about various security vulnerabilities through hands-on practice using our intentionally insecure web application built on the Microsoft .NET platform. Throughout this class, developers will be able to get on the same page with security professionals, understand their language, learn how to fix or mitigate the vulnerabilities covered during the class, and also get acquainted with some real-world breaches, for example the Equifax breach of September 2017 and application vulnerabilities from popular websites like Facebook, Google, Instagram, PayPal etc.
The techniques discussed in this class are mainly focused on .NET and Java technologies owing to their wide adoption in enterprises for building web applications. However, the approach is generic, and developers from other language backgrounds can easily grasp the material and apply it within their own environments.
This is a highly practical class that targets web developers, pen testers, and anyone else wanting to write secure code or audit code for security flaws. The class covers a variety of security best practices and defense-in-depth approaches which developers should be aware of while developing applications. It also covers some quick techniques which developers can use to identify various security issues during the code review process.
Students can access our online lab, which is riddled with multiple vulnerabilities. Students will receive demonstrations and hands-on practice of the vulnerabilities to better understand and grasp the issues, followed by various techniques and recommendations on how to fix them. While the class covers industry standards such as the OWASP Top 10 and SANS Top 25 security issues, it also covers various real-world issues such as business logic and authorization flaws.
Application Security Basics
Understanding the HTTP Protocol
Insufficient Logging and Monitoring
Authorization Bypass Techniques
Cross Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Server-Side Request Forgery (SSRF)
XML External Entity (XXE) Attacks
Unrestricted File Uploads
Client-Side Security Concerns
Source Code Review
Recommended, but not required, to be taken after the DevSecOps Training Session.