SafeStack Academy

Finding and Fixing Web Application Security Vulnerabilities

  • Takes approximately 6 hours to complete

Description

Software security vulnerabilities are big business for potential attackers.

Identifying them early and knowing what common pitfalls to avoid can make a big difference to the resilience of your applications.

This course will help you to understand, identify, and avoid common software security vulnerabilities in your code.

Course Objectives

  • Common web application security vulnerabilities and how to find them.
  • Approaches to avoid or reduce these vulnerabilities and how they work.
  • The challenges and trade-offs we face when implementing these controls.

Modules

Module 1: Object Access Vulnerabilities

  • What causes object access vulnerabilities.
  • How to identify them and understand their impact.
  • How to protect your application from this vulnerability.

Module 2: Enumeration Vulnerabilities

  • What causes enumeration vulnerabilities and why they’re interesting to an attacker.
  • How to identify them and understand their impact.
  • How to protect your application from this vulnerability.

Module 3: SQL Injection Vulnerabilities

  • What causes SQL injection vulnerabilities and why they’re so powerful.
  • How to identify them and understand their impact.
  • How to protect your application from this vulnerability.

Module 4: Configuration Vulnerabilities

  • What causes configuration vulnerabilities and where in our stack we can find them.
  • How to identify them and understand their impact.
  • How to protect your application from this vulnerability.

Module 5: Operating System Injection Vulnerabilities

  • What causes Operating System Injection vulnerabilities and why they matter in a web-application-focused world.
  • How to identify them and understand their impact.
  • How to protect your application from this vulnerability.

Module 6: Cross Site Scripting Vulnerabilities (XSS)

  • What causes Cross Site Scripting (XSS) vulnerabilities and how they are exploited.
  • How to identify them and understand their impact.
  • How to protect your application from this vulnerability.

Module 7: Passwords and Authentication

  • Common password behaviours and why they happen.
  • How to securely store passwords within our applications.
  • Multi-factor authentication and the challenge of choosing the best one for your context.
  • Life beyond passwords and the future of authentication.

Module 8: Session Vulnerabilities

  • What causes session vulnerabilities and the rules we can follow to protect our session identifiers.
  • How to identify them and understand their impact.
  • How to protect your application from this vulnerability.

Module 9: Using Components with Known Vulnerabilities

  • Why does software have vulnerabilities?
  • How do we respond when our dependencies have vulnerabilities?
  • What is the impact of these vulnerabilities on us and the wider ecosystem?