Our course is uniquely positioned to assist organisations who would like to understand more about how to understand and protect themselves from online attack.

• The course is centred around the principle of understanding, documenting and modelling threats and mitigations. Each element of the course provides sections for discussion, demonstration, examples and extensive use of practical elements which are then linked back to the data flow diagram and threat model.
• This course enables developers and testers to identify and fix security flaws that exist both within their own code and within the environment into which it will be deployed. They will learn the important questions to ask when evaluating security risks, how to model their designs in a way that exposes potential attacks and how to think from the perspective of a potential attacker. By the end of the course they will be able to mitigate the most common attack vectors, produce designs that expose the smallest possible target to attackers and conduct audits and code reviews on their colleague’s work.
• The attacks and issues refer and utilise the popular OWASP top 10 list however there is also wide coverage given to the problems found in situations like corporate intranets, cloud deployments and open source projects.
• During the course delegates will work with some of the common tools used by potential attackers and understand how to test applications for security issues.
• The delivery is highly interactive and practical, with delegates spending a significant portion of their time compromising the sample applications. It includes a comprehensive, guided and fast paced leaderboard session (‘capture the flag’) which assists with cementing the previous exercises by exploring and practising penetration & security testing techniques.