Secure Application Development (2 days) - eng
Note that this class will be held in English.
This course gives a basic introduction to application security, with the main focus being web applications.
The course mixes theoretical parts with presentations and a practical part with demos and labs. The theory contains references to OWASP, e.g.:
OWASP Top 10 https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=Main
OWASP Application Security Verification Standard https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
OWASP Top 10 Proactive Controls https://www.owasp.org/index.php/OWASP_Proactive_Controls
The practical part consists of:
Demonstrations in OWASP's WebGoat https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
Mob solving of the SecureFlag challenges https://www.secureflag.com/index.html
Key takeaways:
Understanding of the most common security vulnerabilities
Practical experience of tools and techniques for security testing
Security considerations in the development process
About the class
Duration: 2 days
Teachers: Joel Harsten & Davis Freimanis
Prerequisites
There are no direct prerequisites for this course, although for the practical parts it is beneficial to have general knowledge of programming, especially web (HTTP, HTML and JavaScript) and SQL.
Preparation prior to the class
You’ll receive info about preparations needed one week before the start of the course.
References
OWASP Top 10 (most critical security risks to web applications) - https://owasp.org/www-project-top-ten/
OWASP ASVS - https://owasp.org/www-project-application-security-verification-standard/
OWASP WSTG - https://owasp.org/www-project-web-security-testing-guide/