Introduction to Application Security

• What is Application Security and why is it so important?
• What does it mean to *your* business?

SDL in depth

• Analysing security and privacy risk
• Attack surface analysis
• Threat Modelling
• Identifying the right tools
• Enforcing banned functions
• Static analysis
• Dynamic / Fuzz Testing
• Response Plan
• Final Security Review

Hands-on with the OWASP Top 10 2021 Web Application Security Risks

We keep up to date with the latest OWASP Top Ten vulnerabilities.

• A01:2021-Broken Access Control
• A02:2021-Cryptographic Failures
• A03:2021-Injection
• A04:2021-Insecure Design
• A05:2021-Security Misconfiguration
• A06:2021-Vulnerable and Outdated Components
• A07:2021-Identification and Authentication Failures
• A08:2021-Software and Data Integrity Failures
• A09:2021-Security Logging and Monitoring Failures
• A10:2021-Server-Side Request Forgery

Beyond OWASP

• Data Protection Mechanisms (crypto and more)
• Fuzz testing and other tools
• Click jacking
• Response Splitting
• CWE/SANS Top 25 Most Dangerous Software Errors
•  
• Exploiting authentication
• Language issues
• Data devaluation
• Tokenisation solutions
• Auditing and Logging Solutions

Summary

• Applying what you have learnt in the real world.
• Understanding the business impact of insecure software.