This two-day course is geared towards software developers, enabling them to understand the most common technical software issues in today’s industry. This course covers the OWASP Top 10 plus the SANS Top 25, providing real-life examples of breaches and countermeasures.
This course is suitable for beginner and intermediate levels, and includes both theory and hands-on experience of exploitable code, explaining how an attacker can find a software vulnerability and exploit it.
This two-day course is geared towards quality assurance teams, empowering them to discover and security test common issues in developing software. This course covers industry standard lists such as the OWASP Top 10 and the SANS Top 25 issue lists, describing the nature of the attacks and how to test any software application to determine if the vulnerability exists.
This course is suitable for beginner and intermediate levels, including both theory and hands-on experience of exploitable code. Participants will be able to introduce security testing into the secure SDLC.
In today’s application security industry, many companies understand that product architecture and design flaws can have a major impact. Applications can be bug-free; however, design flaws can still expose sensitive data or cause other non-compliance with industry regulations.
Threat Modeling is the systematic, methodical process used by security experts to determine if a product’s architecture and design are vulnerable to attackers.
This two-day training course introduces the attendee to the Threat Modeling process. We conduct a Threat Modeling exercise on an example application, covering the theory as well as practice. At the end of the course the attendee will be able to conduct a Threat Model on any web or backend application.
Threat Modeling aspects covered include: high level security objectives, attack surface determination, asset evaluation, entry point detection, threat agents, data flow diagrams, threat enumeration, security requirements, use/abuse cases.