Designing Secure Applications

2 days - Advanced

This course is for developers who want to build secure, resilient applications. Learn to integrate 'Secure by Design' principles and proactive defense strategies, combining critical security practices with practical coding insights in real-world scenarios.

craft, engineering, architecture, security

Training details

This 2-day training program, "Designing Secure Applications," is meticulously crafted for software professionals aiming to integrate robust security into their application development lifecycle. With a growing emphasis on security in the digital age, this course equips participants with the latest industry practices and methodologies to design inherently secure applications. Covering a broad spectrum from basic security principles to advanced defense strategies, the training offers an immersive learning experience through real-world scenarios and hands-on exercises.

Building on this foundation, participants will gain the knowledge to architect applications with security as a central focus. The "Secure by Design" methodology ensures that security is integrated from the outset, making it a fundamental component of your application development process, rather than an afterthought.

Objectives

Target Audience

Prerequisites

Educational and Training Approach

Our interactive training blends theory with practice, customizing discussions to participant experiences while leveraging the trainer's extensive real-world insights. Active learning is emphasized through practical exercises, attack simulations, and security scenarios.

Our pragmatic, hands-on approach alternates between simulating real-world attacks and teaching the protective measures to secure your applications effectively.

Evaluation and Follow-up

Participants' skills are continuously assessed through collaborative workshops and exercises. Trainee satisfaction is measured at the end of the session, and a detailed training certificate is issued, outlining the training's objectives, content, schedule, duration, and confirmation of the skills acquired.

Detailed Program

  1. Day 1: Foundations of Application Security

    • Introduction to Secure Coding Approach
      • Emphasis on integrating security in the coding process.
    • Secure by Design
      • Exploring 10 key principles for secure application design.
      • Conducting a team offensive challenge to simulate application attacks.
    • Web Security Mechanisms
      • In-depth look at Web Browser Security Mechanisms including SOP, CORS, and CSP.
    • Reviewing the OWASP Top 10
      • Detailed analysis of the most critical web application security risks.
    • Practical Attack Simulations
      • Engaging in exercises to combat XSS, SSTI, and ReDoS attacks.
  2. Day 2: Advanced Security Practices and Strategic Application

    • Continuing Attack Simulations
      • Further exercises focusing on IDOR, Mass Assignment, SQL Injection, and CSRF attacks.
    • Best Security Practices
      • Implementing measures like CAPTCHA for bot protection.
      • Enhancing cookie security.
      • Securing HTTPS with TLS parameters and HTTP headers.
    • Workshop on Secure Coding Strategies
      • Hands-on session to develop personalized application security strategies.
    • Summary and Feedback Session
      • Reviewing key takeaways from the training.
      • Sharing experiences and feedback for practical application.
