Overview
Developers spend far too little time trying to penetrate their own applications. In fact, knowledge of how to attack software is missing from most developers' skill sets. Only when a developer understands the ease with which most web apps can be compromised, and the control an attacker can gain over private data, will they be in a position to secure their own systems. This course teaches those skills.
The delivery is highly interactive, with delegates spending most of their time in teams trying to compromise sample applications. It includes a comprehensive, guided and fast-paced leaderboard session (‘capture the flag’) exploring and practising penetration and security testing techniques.
Outline
- Adopt the mind-set and tradecraft of a criminal hacker.
- Understand the most common weaknesses in web applications.
- Use freely available tools to find vulnerabilities in systems.
- Exploit these vulnerabilities to crash applications, steal stored data and introduce malicious code to deceive users into divulging confidential information.
- Threat model your own applications in the light of the above.
- Introduce mitigations via both code fixes and UI redesign.
The delivery will be highly interactive, with delegates spending most of their time in teams trying to compromise sample applications, including a comprehensive, guided and fast-paced leaderboard session (‘capture the flag’) exploring and practising penetration and security testing techniques.