
Secure development: Advanced Finding and Fixing Application Security Vulnerabilities

Screen from SafeStack Advanced Finding and Fixing Course

You probably don’t need us to tell you that new web application security flaws are uncovered every year.

Keeping across all of them goes a long way to preparing you and your systems against abuse, and we’re excited to bring you a Secure Development course designed to help with that: Advanced Finding and Fixing Application Security Vulnerabilities. Plus, some other neat updates about our learning content.

When we launched our first Finding and Fixing Web Application Security Vulnerabilities course a couple of years ago, we knew there was no way we could cover all of the vulnerabilities we wanted to. Though we’re still very proud of that course, there was plenty more ground to cover.

Once we released that course, we noticed a theme in the feedback we got from learners — they were really enjoying the interactive labs. We heard from many of them that they found these to be one of the best features — they were fun, engaging, and they wanted more of them.

Branching off into a separate course on Finding and Fixing API Security Vulnerabilities was also an important direction for us to follow. 

Most of the software world was moving towards API-first platforms — including our own SafeStack learning platform — and securing these systems isn’t always a straightforward shift from web to API. 

And when we released that course, we heard the same message loud and clear from our learners: “More labs please!”

This leads me to a couple of new things we’re trying with our brand new Advanced Finding and Fixing Application Security Vulnerabilities course.

Firstly, we just couldn’t wait to develop all the material before bringing it to you, so we’re working closely with our engineering team to support the release of partial courses. Advanced Finding and Fixing Application Security Vulnerabilities is the first course we’re launching this way, and you’ll see new modules get released monthly. 

Secondly, we plan to bring you interactive lab exercises for all modules!

Advanced Finding and Fixing Web Security Vulnerabilities

This new course continues our journey into how to find and fix various classes of web security flaws.

Some of the modules follow on directly from the earlier content — particularly SQL injection and JWT-security issues — but there are other new classes of vulnerabilities as well, including:

  • Deserialization Flaws
  • Server-Side Request Forgery
  • Cross-Site Request Forgery
  • Path Traversal; and
  • XML External Entity Abuse

Who is this course for?

This course is useful for anyone developing, testing, or securing software products. 

To get the best learning experience, we recommend completing the following courses before jumping into Advanced Finding and Fixing:

You can access all these courses by becoming a paid SafeStack member.

What you get with a paid SafeStack Secure Development membership

Our online training is flexible so that you can learn from anywhere at any time, and our ongoing program means you get up-to-date content released regularly. Our high-quality, people-focused content is created by experts and is relevant for a range of roles.

As well as our new course, you’ll get access to our existing courses, including:

  • Security Fundamentals for Software Development
  • Finding and Fixing Web Application Security Vulnerabilities
  • Finding and Fixing API Vulnerabilities
  • Threat Assessment for Software Development
  • Designing Secure Microservice Architectures
  • Introduction to DevSecOps
  • And other new content released regularly.

You also get these neat benefits:

  • Access to our SafeStack Community, a safe online space for everyone to learn and collaborate about secure development.
  • Monthly online seminars hosted by the SafeStack team on a range of application security topics, designed to connect you with a community of like-minded folks. Check out GitHub Actions for AppSec for an idea of what to expect.
  • Online office hours, offering a chance to talk with our team about what you’re learning or any particular secure development challenges you’re working through.
  • Access to our hands-on labs, where you can explore concepts and test your knowledge.
  • Verified digital credentials to recognize and share what you’ve learned.

Find out more about our platform and courses, and get started today for free, with the option to move to a paid plan whenever you’re ready.

We love to hear from you

We hope this course will give you practical ways to secure your applications, and we’d love to hear your feedback. Drop us a line and let us know what you think.