Virtual | Jim Manico: Building Secure APIs and Web Applications – GOTO Academy NL

The major cause of webservice and web application insecurity is insecure software development practices. This highly intensive and interactive Masterclass provides essential application security training for web application and webservices developers and architects. The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.

As part of this course, we will explore the use of third-party security libraries and frameworks to speed and standardise secure development. We will highlight production quality and scalable controls from various languages and frameworks. This Masterclass will include secure coding information for Java, PHP, Python, JavaScript and .NET programmers, but any software developer building web applications and webservices will benefit.

Interesting for:

Java, PHP, Python, JavaScript and .NET programmers, but any software developer building web applications and webservices will benefit.

Agenda: Day 1&2 | Focus on web application basics

  • Introduction to Application Security
  • Introduction to Security Goals and Threats
  • HTTP Security Basics
  • CORS and HTML5 Considerations
  • XSS Defense
  • Content Security Policy
  • Introduction to Angular.JS Security
  • Introduction to React.JS Security
  • SQL and other Injection
  • Cross Site Request Forgery
  • File Upload and File IO Security
  • Deserialization Security
  • Input Validation Basics
  • OWASP Top Ten 2017
  • OWASP ASVS

 

Agenda: Day 3&4 | Focus on API secure coding, identity & other advanced topics

  • We will have three different lab environments for students to choose from
  • OAuth to Security
  • HTTPS/TLS Best Practices
  • Third-party Library Security Management
  • Application Layer Intrusion Detection

 
