Application Security Training

We offer two hands-on security training courses - Application Security Fundamentals and Application Security Deep Dive - that arm organizations against the biggest security risks. These courses are the most effective first step to improving your organization's software development processes and culture and minimizing software risks.

Security knowledge is crucial

Open any newspaper or news app and you face ominous headlines that expose the many software risks. Organizations face digital threats such as data breaches, phishing and ransomware attacks. These threats generally arise from insufficient knowledge to minimize software risks. As a developer or software development team, you must know the latest developments and techniques to prevent your organization from becoming the next victim.

To make developers and other stakeholders more aware of, and armed against, these risks, we have developed two hands-on training courses:

In the first, Fundamentals, you'll learn to understand and recognize the most common security risks. In the Deep Dive training, we dive deep into the code and embed a security-first mindset into all software development processes.


Application Security Fundamentals

This training covers the most common security risks identified by the Open Web Application Security Project in the OWASP Top 10 and API Security Top 10. You will learn to understand the unique vulnerabilities and security risks and how to apply security solutions and minimize risks.

We combine topics from both top 10s to give you the most relevant, up-to-date training, supplemented with background information, knowledge and experience on OWASP and the hacker mindset.

We cover:

  • OWASP
  • Hacker mindset
  • Hacker kill chain
  • Broken Object Level Authorization
  • Broken User Authentication
  • Excessive Data Exposure
  • Lack of Resources & Rate Limiting
  • Broken Function Level Authorization
  • Mass Assignment
  • Cross-site scripting
  • Broken Access Control
  • Cross-site & Server-side Request Forgery
  • Security Misconfiguration
  • Injection
  • Improper Assets Management
  • Security Logging and Monitoring
  • Post exploitation
  • Reverse shells
  • Hacker tools

Knowing and using the OWASP risks is perhaps the most effective first step in improving your organization's software development processes and culture.

Target audience: the training is suitable for all developers, architects and testers who have basic knowledge of request/response principles, and who would like to know more about software risks, application vulnerabilities and how hackers operate in practice.

If you want to take the next step, check out the training Application Security Deep Dive.


We are happy to discuss the possibilities for you

Application Security Deep Dive

A one-day security training course aimed at developers and development teams who are aware of the various security risks and want to act accordingly. You are familiar with the most common threats and possible solutions but would like to dive into the code and learn to think from a security perspective. That's what we do in this training. We go in-depth with the most important security issues in a hands-on, dynamic way.

We alternate between research and analysis in small groups and theory and discussion, working on the following topics:

  • Security code analysis:
    Analyzing multiple code bases (C#, TypeScript, Infrastructure as Code) with dozens of security issues and errors. What is wrong? How do you prevent it? And how can you defend yourself against this?
  • Secure Software Development Life Cycle:
    Which additional steps or features can you add to incorporate security into the daily software cycle?
  • Security Testing:
    What types of security tests are there? When and how do you deploy them? We cover SAST, IAST and DAST.
  • Security & AI:
    What are the risks of using AI tools like ChatGPT or GitHub Copilot?

In addition, there is room, in advance or during the training, to bring in your own challenges and use cases.

In short, a deep dive training to embed a security-first mindset in all your software development processes.

Target audience: developers and software architects who (preferably) understand C# and/or JavaScript/TypeScript, and have basic knowledge of development tooling and security - ideally thanks to our Application Security Fundamentals training.


Questions? Esther will be only too happy to help.

