Application Security for Developers

Overview

Off the shelf (OTS)

In this intermediate hands-on course, learners will gain an understanding of application security vulnerabilities, including the industry-standard OWASP Top 10 list, and learn strategies to defend against them. Pen testing (security testing) as an activity tends to capture security vulnerabilities at the end of the SDLC, by which point it is often too late to influence fundamental changes in the way the code is written.

This course has been written by developers turned pen testers who can help developers to code in a secure manner, as it is critical to introduce security as a quality component into the development cycle. Throughout this class, developers will be able to get on the same page with security professionals, understand their language, learn how to fix or mitigate vulnerabilities learnt during the class and get acquainted with some real-world breaches, for example, "The Equifax" breach in September 2017. Various bug bounty case studies from popular websites like Facebook, Google, Shopify, PayPal, Twitter etc. will be discussed, explaining the financial repercussions of application security vulnerabilities like SSRF, XXE, SQL injection, authentication issues etc.

The techniques discussed in this class are mainly focused on .NET, Java and NodeJS technologies owing to their huge adoption in various enterprises in building web applications. However, the approach is kept generic and developers from other language backgrounds can easily grasp and implement the knowledge learned within their own environments. Learners will participate in a CTF challenge where they will have the chance to identify vulnerabilities in code snippets derived from real-world applications.

Delivery method
Face to face

Virtual

Course duration
14 hours

Competency level
Working
