Application Security Fundamentals – SS101

This beginner’s course is the perfect introduction to application security topics for all your technical staff. The course provides an overall understanding for the risks of deploying insecure software, the major attacks used against web applications and broad understanding of mitigation techniques.

Target Audience § Software Developers § Technical Leads § Project Managers § Quality Assurance Engineers § Software Architects

Course Requirements & Prerequisites § Basic understanding of the web as well as the HTTP protocol. § Basic understanding of web development technologies such as HTML, CSS, JavaScript, SQL, etc § Students are required to bring their own laptops with a minimum of 4 GB RAM installed. § VMware Workstation / Fusion / VirtualBox installed. § At least 60 GB HD free § Wired Network Support § USB 2.0/3.0 Support

Application Security Fundamentals SS-101

“This was a great class! The instructor is quite knowledgeable and makes the classes fun and informative. He is open to questions and tries to answer every one of them. Sherif is a joy!”

Keith Cooper – Elavon 1DayCourse

Application Security Fundamentals – SS101

Course Contents § Introduction

o The case for application security o Impact of application security incidents o Security principals o Lab

§ The Threat Landscape

o Who are the attackers o Attackers toolkit o Lab

§ AppSec Standards & Common Attacks

o OWASP Top 10 o CWE/SANS Top 25 o Injection Attacks o Man-in-the-middle-Attacks o Information Leakage o Lab

§ Threat Modeling

o Threat modeling process o Identifying Threat Actors o 4 Main ways of dealing with risk o STRIDE Methodology o Calculating Risk o Lab

§ Conclusion and Closeout Remarks