Course Details

Duration: 2-3 Days
Location: On Site
An introductory course ideal for the novice or experienced developer. The course is mixture of demonstrations and practical work for completion by the trainees.

About The Trainer

Simon Whittaker has been providing security services & training to both local organisations and some of the world’s largest companies for over 10 years.

Simon’s background in both development & System/Network Administration provides a great view on how best to compromise & secure required services & applications while also ensuring that training courses, content & practicals can be aimed at the right audiences.

Most of Simon’s work involves working with companies to test and improve secure coding practices, penetration & security testing and providing security consultancy to companies that are keen to improve their processes & procedures.

Simon also has great experience in developing & implementing efficient and effective practices across departments to assit with securing and retaining external quality recognition such as ISO27001.

Overview

The course is designed to provide developers with awareness of the most common areas for exploitation of their applications or web sites and ways of preventing these exploits. Through practical and theory based work, developers will get hands on experience of breaking and compromising vulnerable web applications.

This course is designed for developers of all levels wishing to gain an understanding in how to better protect the sites and applications they are working on. This course explores up to date tools & methodologies available to developers and how best to use them.

Objectives

• Make your application or web site the smallest target possible to potential attackers
• Understand common attack vectors
• How to mitigate common attack vectors
• Understand tools used for testing & protecting applications & web sites
• Asking the right questions to other developers & system administrators
• Encourage auditing of code & improved development procedures

Outline

Security Layers

• Common web application structures
• Layers of your application
• Network layers
• General Protection

Application Security

• SQL Injection
• Cross Site Scripting
• XSRF/CSRF
• Protection of files
• Brute Force Attacks
• Basic manipulation of URL/FORM Data
• Threat Modelling

Network Security

• Web application firewalls
• Alerting tools
• Monitoring

Tools

• Penetration test resources