Finding and Fixing Web Application Security Vulnerabilities

Description

Software security vulnerabilities are big business for potential attackers. Identifying them early and knowing what common pitfalls to avoid can make a big difference to the resilience of your applications.

This course will help you to understand, identify, and avoid common software security vulnerabilities in your code.


Duration

Takes approximately 7 hours to complete


Certification

Secure Developer Level 1


Course Objectives

  • Common web application security vulnerabilities and how to find them.

  • Approaches to avoid or reduce these vulnerabilities and how they work.

  • The challenges and trade-offs we face when implementing these controls.


Syllabus

Module 1: Object access vulnerabilities

  • What causes object access vulnerabilities.

  • How to identify them and understand their impact.

  • How to protect your application from this vulnerability.

Module 2: Enumeration vulnerabilities

  • What causes enumeration vulnerabilities and why they’re interesting to an attacker.

  • How to identify them and understand their impact.

  • How to protect your application from this vulnerability.

Module 3: SQL Injection vulnerabilities

  • What causes SQL injection vulnerabilities and why they’re so powerful.

  • How to identify them and understand their impact.

  • How to protect your application from this vulnerability.

Module 4: Configuration vulnerabilities

  • What causes configuration vulnerabilities and where in our stack we can find them.

  • How to identify them and understand their impact.

  • How to protect your application from this vulnerability.

Module 5: Operating system injection vulnerabilities

  • What causes operating system injection vulnerabilities and why they matter in a web application-focused world.

  • How to identify them and understand their impact.

  • How to protect your application from this vulnerability.

Module 6: Cross-site scripting vulnerabilities (XSS)

  • What causes cross-site scripting (XSS) vulnerabilities and how they are exploited.

  • How to identify them and understand their impact.

  • How to protect your application from this vulnerability.

Module 7: Passwords and authentication

  • Common password behaviors and why they happen.

  • How to securely store passwords within our applications.

  • Multi-factor authentication and the challenge of choosing the best one for your context.

  • Life beyond passwords and the future of authentication.

Module 8: Session vulnerabilities

  • What causes session vulnerabilities and the rules we can follow to protect our session identifiers.

  • How to identify them and understand their impact.

  • How to protect your application from this vulnerability.

Module 9: Using components with known vulnerabilities

  • Why software has vulnerabilities.

  • How we respond when our dependencies have vulnerabilities.

  • What the impact is of these vulnerabilities on us and the wider ecosystem.

Module 10: Path Traversal

  • What causes path traversal vulnerabilities.

  • How to identify them and understand their impact.

  • How to protect your application from this vulnerability.

Module 11: Return of the SQL Injection

  • SQL output, and how that impacts the type of injection attack.

  • How to identify and attack UNION SQL injection vulnerabilities.

  • Diving deeper into blind SQL injection vulnerabilities.

Module 12: XML External Entity (XXE)

  • What causes XML External Entity (XXE) vulnerabilities.

  • How to identify them and understand their impact.

  • How to protect your application from this vulnerability.
