Threat Modeling and Web Application Security
Learn how to protect your web application from vulnerabilities and common attacks.
Our course is uniquely positioned to assist organisations that would like to learn more about how to understand online attacks and protect themselves from them.
- The course is centred around the principle of understanding, documenting and modelling threats and mitigations. Each element of the course provides sections for discussion, demonstration, examples and extensive use of practical elements which are then linked back to the data flow diagram and threat model.
- This course enables developers and testers to identify and fix security flaws that exist both within their own code and within the environment into which it will be deployed. They will learn the important questions to ask when evaluating security risks, how to model their designs in a way that exposes potential attacks and how to think from the perspective of a potential attacker. By the end of the course they will be able to mitigate the most common attack vectors, produce designs that expose the smallest possible target to attackers and conduct audits and code reviews on their colleagues’ work.
- The attacks and issues covered refer to and make use of the popular OWASP top 10 list; however, wide coverage is also given to the problems found in situations like corporate intranets, cloud deployments and open source projects.
- During the course delegates will work with some of the common tools used by potential attackers and understand how to test applications for security issues.
- The delivery is highly interactive and practical, with delegates spending a significant portion of their time compromising the sample applications. It includes a comprehensive, guided and fast-paced leaderboard session (‘capture the flag’) which helps to cement the previous exercises by exploring and practising penetration and security testing techniques.
“I've been a software engineer (full stack) for 15 years and attended many courses...this is probably the best course I've ever been on. Fascinating from start to finish - plenty of modern examples and exciting practical exams. Would definitely recommend Simon for future courses.”
- Fundamental concepts
- Threat modelling – an introduction
- How attackers identify targets & perform reconnaissance
- The OWASP top 10 - joining practical attacks with perceived threats
- Capture the flag
- Threat modelling and testing procedures
“Good insight into the issues we’re facing these days. A lot of information was covered, but very clearly presented. Excellent use of exercise to help remember what has been taught.”