Training Course | Breaking Applications

Learn how to break applications and infrastructure, ask pertinent questions and focus efforts on particular areas of concern.

Breaking Applications is a training course for developers & engineers involved with creating web applications.

Course Information

Duration: 2 Days

Location: Virtual | Classroom

Skill Level: Intermediate

Learning Outcomes

Course delegates will complete the course having gained the following knowledge.

  • Techniques used for breaking web applications
  • Proactive vs Reactive Security
  • Indicators of potential issues
  • Identifying when someone has compromised your systems
  • Use of tools and automation to help teams discover more

Course Outline

Software developers and testers are rarely able to recognise the security flaws in the applications they create and work on. Security considerations play little or no part in most computer science degrees and are easily marginalised in the high-pressure environment of a commercial software project. As a result, most web applications developed today are vulnerable to one or more of the attacks catalogued by the Open Web Application Security Project (OWASP).

Hugely interesting course and eye opening to understand all the vulnerabilities that exist. Even though we have security reps within the company this would make you think there is a need for specially trained staff whose sole focus is that.

Course Attendee

Modules

Delegates will complete training in the following modules.

1. Setting the Scene

Delegates will learn that every team member has an impact when it comes to security and that the threats facing us haven't changed; however, the delivery method has.

  • Examples of successful compromises
  • The frequency and severity of attacks
  • Legislative requirements (CRA, DORA, Biden Cyber Security)
  • Compliance requirements (ASVS, MASVS, OVS)

2. How Attackers Identify Targets & Perform Reconnaissance

Dive in and see which tools are needed to understand what is exploitable, how to identify areas of weakness and how to identify target information from OSINT sources.

  • How to proxy HTTP traffic and understand weaknesses using Burp Suite
  • Examples of readily accessible flaws in requests
  • How to make use of open-source intelligence tools

3. Practical Security Issues

Learn just how easy it is to break applications by using the right tools and applying a little knowledge.

  • How to exploit services
  • How to exploit web applications

4. Capture The Flag

Put your knowledge to the test and get hands-on in a capture the flag exercise. This is a comprehensive, guided and fast-paced leaderboard session to practise penetration & security testing techniques.

  • Use of relevant Capture the Flag software depending on the delegates
  • OWASP Juice Shop for developers and testers involved with front-end development

Prerequisites

Delegates should have at least 6 months of experience building applications and should have attended the 'Threat Modeling' course.

Further Learning

Looking to continue on your learning path? The following courses are ideal as follow-on courses to Breaking Applications.
