Web security for coders (fundamentals)

Web applications have a critical security role, mediating between the open Internet and high-value internal systems. Even with strong encryption, high-end firewalls and effective SecOps, a single coding flaw can leave your systems vulnerable.

This one-day course covers the fundamentals of secure coding, giving developers the knowledge and practical experience they need to avoid introducing vulnerabilities such as SQL injection and cross-site scripting into your code base.


What you’ll learn on the web security for coders training course

Common vulnerabilities - attack & defence

Using practical demonstrations, students will gain an understanding of common web application vulnerabilities and how a real-world attacker could exploit them. Students will then learn how to identify insecure coding practices, remediate the issues found and test that the fixes have been applied effectively. The session will cover SQL injection, cross-site scripting, executable file upload, XML external entity injection, and more if time permits.

Modern web security features

In this session, we will cover the security features of modern web browsers and frameworks, demonstrating how they can be used to best effect. This includes TLS encryption, HTTP Strict Transport Security, Content Security Policy, clickjacking protection, Cross-Origin Resource Sharing, Subresource Integrity and CAPTCHA. There will also be practicals to help students develop strong content security policies.

Access control

This is a more informational session, in which best practices around authentication, password management, session tracking and authorization are explained. Interaction is highly encouraged, and students are able to ask questions to understand how the theory applies to the applications they work on. There will also be practicals covering cross-site request forgery, forced browsing and parameter tampering.

Attacking incomplete defences

Building on the common vulnerabilities session, this practical session demonstrates how incomplete fixes to vulnerabilities can be attacked using more sophisticated payloads, and introduces further vulnerability classes, including path traversal and insecure deserialization.

Why choose us?

Experience and expertise

Our web security for coders training workshop is designed and delivered by expert security consultants, each with years of experience in testing applications and discovering vulnerabilities. The aim of this course is to pass on our wealth of knowledge to your developers and ultimately to support your organisation's security improvement efforts.