Course description
This course has been developed by experts having over eight years of practical experience in Application Security. The knowledge to be transferred to trainees has been time and again tested in the field and forms a basis for safe application development. It offers a detailed description with hands-on experience of today’s most common vulnerabilities: from OWASP Top-10 2021.
Trainees will learn methods of static (including SAST) and dynamic (including DAST) identification and the reliable elimination of such vulnerabilities. They will also be provided with examples of code in various programming languages containing vulnerabilities, as well as “live” applications, which will help better understand the nature of vulnerabilities (and learn how to find them).
The course includes numerous practical tasks and exit tests to check the acquired knowledge.This course is built as a detailed description with hands-on experience of today’s most common vulnerabilities: from OWASP Top-10 2021. Trainees will learn methods of static (including SAST) and dynamic (including DAST) identification and the reliable elimination of such vulnerabilities.
Upcoming start dates
Who should attend?
Prerequisites
Participants must be able to work with web browsers, read and write code for modern web applications, and understand the main principles of their operation: HTTP, Cookies, Proxies, etc.
Training content
- What is Application Security, why and how to use it (0,5 h)
- Overview of OWASP TOP 10 (0,5 h)
- A01 – Broken Access Control (1 h) + Practical tasks (2 h)
- A02 – Cryptographic Failures (1 h) + Practical tasks (1 h)
- A03 – Injection (2 h) + Practical tasks (1 h)
- A04 – Insecure Design (0.5 h) + Practical tasks (1 h)
- A05 – Security Misconfiguration (1 h) + Practical tasks (1 h)
- A06 – Vulnerable and Outdated Components (0,5 h) + Practical tasks (1 h)
- A07 – Identification and Authentication Failures (2 h) + Practical tasks (2 h)
- A08 – Software and Data Integrity Failures + Insecure Deserialization (1 h) + Practical tasks (1 h)
- A09 – Security Logging and Monitoring Failures (0,5 h) + Practical tasks (0,5 h)
- A10 – Server-Side Request Forgery (0,5 h) + Practical tasks (0,5 h)
- A8:2013- Cross-Site Request Forgery (CSRF) (1 h) + Practical tasks (1 h)
Certification / Credits
Objectives
Upon completion of training, students will be able to avoid vulnerabilities of OWASP Top-10 and identify them using static and dynamic methods in the existing code/configuration.
Quick stats about Luxoft Training Center?
More than 200 training courses
Conducted over 1,500 training sessions
Customized training solutions for business
Contact this provider
Luxoft Training Center
Luxoft Training Center — an essential part of the global technology leader, Luxoft, a DXC Technology Company. We play a pivotal role in propelling B2B businesses forward by delivering customized training solutions. Emphasizing the significance of learning and employee development,...