This course is aimed at providing the developer with the knowledge of attack techniques currently "in the wild" and focuses heavily on two questions: "What am I up against?" and "How can I protect my applications from attack?" Sample applications will be dissected to discover (and discuss) security-related bugs hidden within the code. The class will then discuss prevention and detection.
Hacking by Numbers – Developer Edition
(2-day course: designed to teach developers how to enhance the security of their applications)
When? On request. Please contact Navixia for details!
Overview
Web-based applications, written in Java, Perl, ASP, etc., have revolutionized the way we do business. Flexible and easily developed, such applications allow businesses to reach their users and customers wherever they are. However, such convenience comes at a price. Web-based applications represent both an attractive and a convenient target for attack and, because many applications also connect to key business systems, a compromised application can often have extremely serious implications. If you create an application that runs on one or more computers attached to a network, your code will be attacked.
"Developer Edition" will introduce a wide range of common (and not so common) web application security vulnerabilities. You will be given hands-on lab exercises allowing you to attack vulnerable applications to fully explore the impact of potentially vulnerable code. The course is programming language neutral, aiming to equip developers with a security mindset more than a set of security functions or procedures, and will thus be of benefit to any developer who programs for the web. Language and OS specifics are delved into where required with a focus on the major development architectures in use today.
What you will learn
You will be exposed to the attack vectors in common use today, as well as techniques, processes and the mindset required to protect against them. Some of the "softer" issues surrounding secure development will also be covered. You will be exposed to some of the development platform specific issues that are sometimes the weak base upon which applications are developed.
This will cover ASP, Perl, an array of SQL servers and lower-level languages like C. The bulk of the course focuses on Web Applications and secure CGI / Web Application development.
Who should attend
Developers and Project Managers benefit hugely from this course by learning how to detect badly written code, how to prevent such errors and how to effectively integrate security and security testing into the development process for the future. Administrators and Security Consultants will benefit by learning how to securely deploy custom-written applications, how to detect security errors and how to provide effective remedial advice.
Benefits
- The course is taught by recognized, experienced practitioners, not professional trainers. Everyone who teaches the course has real and current skills.
- The method-based approach makes the concepts real and understandable to people without any experience.
- The labs are complex and realistic, thus emphasizing both the technical and theoretical knowledge being taught.
- The course is an amazing eye-opener for developers, teaching clearly what can, and can't, be achieved by an attacker and thus putting modern defensive techniques into perspective.
- The course caters for different skill levels simultaneously, ensuring all the students are continuously being challenged.
- The course is fun, packed full of games, tests, challenges and competitions that bring out the "hacker" in you.
- The course changes continuously to incorporate new thinking, tools and techniques.
Practical details
- What past participants said about Developer
- Download our security training brochure in French
- Do not hesitate to contact us without any obligation
