Introduction to Web Application Security

Course Duration: 1 hour
Intended Audience: Security Professionals, Developers, Project Managers, Quality Assurance Staff

This self-paced, e-Learning course provides students with the basic concepts and terminology for understanding application security issues. It provides a definition of application-level security and demonstrates how these concerns extend beyond those of traditional infrastructure security. It also explains common application security vulnerabilities such as SQL injection, Cross-Site Scripting (XSS) and authorization issues. Armed with this knowledge, developers, QA testers and security personnel can understand and begin to address application-level threats.

Lesson 1: Intro & Concepts
Course Objectives: After completing this lesson, you should be able to:

  • Explain how unintended application functionality differs from the intended functionality, and why it is interesting to an attacker
  • Realize the potential for application inputs to be used as avenues for attack

Lesson 2: Real Case Studies - Notable Breaches
Course Objectives: After completing this lesson, you should be able to:

  • Appreciate the impact of poor security in production environments
  • Justify the mitigation effort to minimize exposed attack surfaces

Lesson 3: Application Attack Demonstration
Course Objectives: After completing this lesson, you should be able to:

  • Understand the approaches an attacker uses to find application-level vulnerabilities
  • Understand the potential for malicious use of features in a vulnerable application

Lesson 4: What is Application Security and Why is it Important?
Course Objectives: After completing this lesson, you should be able to:

  • Provide a working definition of application security
  • Provide explanations of the chief application security concerns: Confidentiality, Integrity and Availability
  • Explain why application security is important for organizations to address
  • Describe the roles that major regulatory requirements play in secure application development

Lesson 5: SQL Injection Activity
Course Objectives: After completing this lesson, you should be able to:

  • Understand the basics of an SQL Injection attack
  • Understand the potential impact of exploited SQL injection vulnerabilities
  • Understand the basics of protecting an application from injection attacks

Lesson 6: HTTP Basics
Course Objectives: After completing this lesson, you should be able to:

  • Explain the difference between GET and POST requests
  • Explain the lifecycle of HTTP requests
  • Explain the benefits and risks of session authentication over HTTP Basic authentication

Lesson 7: Cross-Site Scripting Activity
Course Objectives: After completing this lesson, you should be able to:

  • Describe the mechanics behind Cross-Site Scripting (XSS) vulnerabilities and attacks
  • Understand how XSS can abuse a user's trust
  • Understand the types of risks the exploitation of XSS vulnerabilities poses to web applications

What Is ThreadStrong?

ThreadStrong is a self-paced, e-Learning solution designed by Denim Group's secure application development experts to help developers understand and apply the principles of secure design and coding.

ThreadStrong combines the hands-on knowledge of working software developers with the experience of world-sought trainers, who use best practices to provide practical and in-depth application security training content.

On-Site Training Available

If e-Learning is not the best solution for your training needs, the creators of ThreadStrong also offer application security training in classroom format.