Cobweb Applications Ltd
Cobweb Applications Ltd - Course: Secure Coding for Web Applications
This course runs over three full days. Each day is split into six 45-minute sessions, beginning at 9:30 am and finishing at 5:00 pm. A purpose-built Web site is used to demonstrate insecure code and application design. Students then learn how to fix and avoid the problems they encounter.

This course is particularly well suited to developers and application security professionals. Click here to enrol now. If you are unsure whether you meet the required prerequisites, contact us for a quick skill check.

Secure Coding for Web Applications: Day One
Session 1.0: Welcome
09:30 - 09:40 Welcome
Health and Safety check
Course Overview
Session 1.1: The Case for Secure Coding
09:40 - 10:25 Attacker Analysis - Who and Why
Insecure Code - Why and When it happens
15 Minute Break Out
Session 1.2: Basic Errors and Misconceptions
10:40 - 11:25 HTML Source
Hidden Form Fields
Client Side Validation
Magic URLs and Hidden Forms
15 Minute Break Out
Session 1.3: Understanding the HTTP Request
11:40 - 12:25 The OSI Model
HTTP Packets Explained
Packets and Firewalls
 
Lunch
12:25 - 13:30 A selection of sandwiches and soft drinks will be provided.
 
Session 1.4: SQL Injection
13:30 - 14:15 How SQL Injection Works
SQL Injection Defenses
15 Minute Break Out
Session 1.5: Advanced SQL Injection
14:30 - 15:15 Blind SQL Injection
Web Service SQL Injection
Email Injection
15 Minute Break Out
Session 1.6: Ajax Security
15:30 - 16:15 XPath Injection
Race Conditions
Command Injection
15 Minute Break Out
Questions & Answers
16:30 - 17:00 A chance to discuss topics and issues covered during the day.
Drinks
17:00 - 17:30 Relax and unwind with Mike and the other students after a hard day.

 

Secure Coding for Web Applications: Day Two
Session 2.0: Welcome
09:30 - 09:40 Welcome
Health and Safety check
Session 2.1: Cross Site Scripting (XSS)
09:40 - 10:25 How XSS Works
XSS Defenses
15 Minute Break Out
Session 2.2: Handling Flawed Input Data
10:40 - 11:25 Format string problems
Integer overflows
Buffer overruns
Fault Injection
Fuzzing
15 Minute Break Out
Session 2.3: Maintaining State
11:40 - 12:25 Cookies
Session Expiration
Authentication Cookies
Securing Session State
Best Practices
 
Lunch
12:25 - 13:30 A selection of sandwiches and soft drinks will be provided.
 
Session 2.4: Authentication
13:30 - 14:15 Basic Authentication
Open Authentication Schemes
15 Minute Break Out
Session 2.5: Spoofing
14:30 - 15:15 Role Based Access Control Schemes
Client Weaknesses
15 Minute Break Out
Session 2.6: Information Leakage
15:30 - 16:15 Default and Forgotten Passwords
Error Control
Data Leakage and Inference
15 Minute Break Out
Questions & Answers
16:30 - 17:00 A chance to discuss topics and issues covered during the day.
Drinks
17:00 - 17:30 Relax and unwind with Mike and the other students after a hard day.

 

Secure Coding for Web Applications: Day Three
Session 3.0: Welcome
09:30 - 09:40 Welcome
Health and Safety check
Session 3.1: Encryption
09:40 - 10:25 Unauthenticated Key Exchange
Using Random Numbers
SSL Explained
Data Security
Encryption at Rest and In Transit
15 Minute Break Out
Session 3.2: Application Logic Attacks
10:40 - 11:25 Logic Flow Control
Poor Usability
Implied Insecurity
15 Minute Break Out
Session 3.3: The Security Development Lifecycle
11:40 - 12:25 Best Practice
Security Policies
Version and Patch Control
Interacting with Children
Privacy Guidelines
Sensitivity Policy
Secure Coding Policy
 
Lunch
12:25 - 13:30 A selection of sandwiches and soft drinks will be provided.
 
Session 3.4: Design and Development
13:30 - 14:15 Design Issues
Data Classification
Dataflow Diagrams
Static and Dynamic Source Code Analysis
Best Practices
Data Access
Commenting Code
15 Minute Break Out
Session 3.5: Deployment Issues
14:30 - 15:15 Environment Security
Server Security
Database Access Control
Change Control
15 Minute Break Out
Session 3.6: Presenting The Case for Code Security
15:30 - 16:15 Key Facts
Making the Case for Secure Code
Securing All Entry Points
User Awareness
15 Minute Break Out
Questions & Answers
16:30 - 17:00 A chance to discuss topics and issues covered during the day.
Drinks and Presentations
17:00 - 17:30 Drinks will be served while each student successfully completing the course is presented with their "Secure Coder" certificate.

If you have any questions regarding the content and format of this course, or have special requirements, please do not hesitate to contact us.
