Following the acquisition of Encription by BlackBerry UK Limited in February of 2016, the trading assets and liabilities of Encription Limited are being formally assigned to BlackBerry UK Limited effective from 31 January 2017.
For further information please call 0330 100 2345

Secure Web Applications (SWA) – 2 days

Please note:- this is a multiple day course and you will need to book a hotel and bring lunch for the duration of the course. Hotel recommendations will be send as part of the joining instructions once the course is booked.

 

Web applications remain one of the most profitable areas a malicious attacker may target.

In this course an experienced penetration tester will teach you what we find, how we find it and how to protect against these attacks.

This will involve looking at a specific piece of code, identifying a security flaw, and implementing a fix for flaws found on the Top 10 and CWE/SANS Top 25 Most Dangerous Programming Errors.

Not only are we reviewing the code behind these common errors, we will also instruct attendees in the field of penetration testing so that they may identify flaws in web applications.

Who is the course designed for?

  • Web developers who want to build more secure applications
  • Software engineers
  • Software architects

Whilst the course is focused on software development, the technical content is accessible enough for anyone who is comfortable working with code and wishes to understand web application security from a development perspective.

Qualification

Successful candidates will receive a BlackBerry Verified ‘Secure Web Applications’ Certificate of Attainment

Course Objectives

After attending you will have an understanding of:

  • Common Web Application Vulnerabilities
  • Development Management
  • Data Validation
  • Authentication
  • Session Management
  • Offensive Security

Topics Covered

Common Web Application Vulnerabilities

  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • SQL injection
  • HTTP response splitting
  • Parameter manipulation

Development management

  • SSDLC
  • Reaching milestones

Data Validation

  • Input validation
  • Whitelisting vs. blacklisting
  • Output encoding and escaping
  • Using frameworks and APIs

Authentication

  • How to use encryption
  • Protecting session ids
  • Basic and Forms Based Authentication

Session management

  • Session hijacking
  • Session fixation

Offensive Security

  • Penetration testing methodology
  • Understanding risk, threat and vulnerability
  • Common security models
  • Tool based testing
  • Manual identification of vulnerability

Examination

Assessment is a written assessment and a practical assessment at the end of the course.

Pre-requisites:

Candidates should have at least one year’s experience working with a web programming language and be familiar with SQL.

Per course pricing

This course is available “per course” meaning a course is prepared and delivered for you and your needs. There is no minimum number of candidates. The course cost does not change based on the number of candidates so if an individual requires a course with only one candidate then that’s fine, however the course fee remains the same for 1 candidate as it does for 6. The dates of the courses are flexible and are decided by you as long as we have a member of training staff available.