AppSec for Developers (ASD) – Outline

Detailed Course Outline

Day 1

Authorization

  • Session Management
  • Logical Flaws
  • Web Server Misconfiguration
  • Application Server Misconfiguration
  • HTTP Methods
  • SSL and MITM Attacks

Cross Site Issues

  • Cross Site Scripting
  • Cross Site Request Forgery
  • Session Fixation
  • CRLF Injection
  • Flash and Cross Domain Issues

Day 2

Server Side Issues

  • SQL Injection
  • File Uploads
  • Server Side Includes
  • File Inclusion
  • Direct Object Reference
  • OS Code Execution

Best Security Practices

  • HSTS
  • Content Security Policy
  • Defence in Depth