AppSec Training for Developers icon

AppSec Training for Developers

This 2 day class has being written due to the increasing need for developers to code in a secure manner

In this 2-Day Intermediate hands-on course delegates will gain an understanding of application security vulnerabilities including the industry standard OWASP Top 10 list and learn strategies to defend against them.

Attendees will be able to:

  • Understand OWASP Top 10 with practical demonstrations and deeper insight
  • Understand the financial repercussions of different vulnerabilities
  • Get on the same page with the security team while discussing vulnerabilities
  • Build a system with continuous security monitoring
  • Identify and Fix security vulnerabilities much earlier in the SDLC process saving time and effort

Delegates receive:

  • Apart from the various tools and content around the course Delegates will also be provided with a 7-day lab access where they can practice all the exercises/demos shown during the course.

For security and IT decision makers

What’s the real impact of training your team through NotSoSecure?

Make your organisation a less attractive target to attackers by building a team that can write code resistant to complex, modern attacks, without losing business functionality and development speed. Trained delegates can:

  • Write secure application code resilient to a variety of web-based attacks in the OWASP top 10.
  • Understand how attackers identify vulnerabilities in code, and the impact of this, so they can adopt more secure ways of working.
  • Identify and mitigate security vulnerabilities earlier on in the development lifecycle.
  • Use a vocabulary of risk and exploitation to work more effectively with security practitioners.
  • Understand the business impact of application security and articulate this to key stakeholders.
  • Take on greater responsibility in the team and become an advocate of security in the wider business.
  • Overview
  • Details
  • Pre-requisites & Audience
  • Brochure Download

Pen testing (security testing) as an activity tends to capture security vulnerabilities at the end of the SDLC and then it is often too late to influence fundamental changes in the way the code is written.

This course has been written by developers turned Pen Testers who can help developers to code in a secure manner as it is critical to introduce security as a quality component into the development cycle.

Throughout this class, developers will be able to get on the same page with security professionals, understand their language, learn how to fix or mitigate vulnerabilities learnt during the class and get acquainted with some real-world breaches, for example, “The Equifax” breach in September 2017. Various bug bounty case studies from popular websites like Facebook, Google, Shopify, Paypal, Twitter etc will be discussed explaining the financial repercussions of application security vulnerabilities like SSRF, XXE, SQL Injection, Authentication issues etc.

The techniques discussed in this class are mainly focused on .NET, Java and NodeJS technologies owing to their huge adoption in various enterprises in building web applications. However, the approach is kept generic and developers from other language backgrounds can easily grasp and implement the knowledge learned within their own environments.

Students will be required to participate in a CTF where they’ll be required to identify vulnerabilities in code snippets derived from real-world applications.

Other courses to further your knowledge

Lab-based training - written by Black Hat trainers.

These classes are ideal for those preparing for CREST CCT (ICE), CREST CCT (ACE), CHECK (CTL), TIGER SST and other similar industry certifications, as well as those who perform penetration testing on infrastructure or web applications as a day job and wish to add to their existing skill set.

Enquire about your training

We provide training directly (remote or in person) and also work with a range of training partners in different locations around the globe for classroom or remote training. Please contact us with details of your requirement and we will recommend the best route to access our amazing training.

Our accreditations and partnerships

iso 9001 accredited
iso 14001 accredited
iso 22301 accredited
iso 27001 accredited
iso 27017 accredited