Secure Coding Training
Abstract
Application security is a cornerstone of modern software development. Over the years, Recurity Labs has reviewed extensive codebases, identified and reported countless vulnerabilities, and evaluated a wide range of mitigation strategies. Frequently, we are asked to share this accumulated expertise with the developers of the audited projects so that their work is improved and supported sustainably. In response, the following secure coding training program has been developed to equip developers and IT professionals with the essential knowledge and skills required to build and maintain robust, secure web applications.
Upon completing this training, participants will gain a robust understanding of security as an integral element of the software development lifecycle. They will learn to identify common vulnerabilities and suboptimal programming practices, implement effective security controls, and foster a proactive security mindset that informs every stage of development. Through a blend of expert-led lectures, interactive workshops, and real-world case studies drawn from decades of practical experience, attendees will be equipped to tackle complex security challenges in web-based applications and ensure that security remains a top priority throughout the development process. Participants will walk away with tangible skills that improve code quality and reduce overall risk exposure.
Target Audience
- Developers seeking to gain foundational knowledge in application security
- Developers who want to improve their skills in identifying and addressing complex security issues primarily in Web-based applications
- Professionals looking to deepen their understanding of security concepts
Key Learning Objectives
- Cultivate a security mindset
- Identify and prevent common vulnerabilities in Web applications
- Understand key security controls and how to implement them
- Understand language agnostic code auditing approaches
- Recognize common patterns that lead to vulnerabilities
- Identify vulnerabilities caused by misused interfaces
Prerequisites
- Reasonable programming experience in at least one managed language
Agenda
The following is a sample agenda. The actual training agenda can be tailored to the needs of the audience and participants.
- Day 1: Setting the basics
  - Introduction to application security
  - Assessing unknown source code
  - Security and defense principles
  - Input validation issues
- Day 2: Access Control
  - Authentication: Basics and common vulnerabilities
  - Authorisation: Basics and common vulnerabilities
  - Introduction to OAuth and OpenID Connect
- Day 3: Thinking outside the box
  - Web application design from an attacker’s perspective
  - Language- and framework-specific issues
  - Advanced challenges
Training Delivery & Logistics
Training sessions are conducted by either one or two expert trainers, depending on the engagement needs. When a single trainer is involved, a maximum of eight participants is recommended to ensure an optimal learning environment. With two trainers, sessions can accommodate up to fifteen participants, enhancing interactivity and personalized support.
Although training sessions can be delivered remotely, for optimal results we strongly recommend conducting the training onsite. Being together in a shared space enables us to interact dynamically with your team, swiftly address gaps in knowledge, and adapt to specific needs; these advantages are difficult to achieve in a remote setting. Onsite trainings promote active engagement and spontaneous discussion, ensuring that the learning experience is both impactful and tailored to your environment.
We welcome you to discuss how our training solutions can be tailored to your organization’s unique needs. Please contact us for a personalized quote, and let us explore the best approach to empower your team’s security capabilities.