SafeStack logo on purple background

Finding and Fixing Web Application Security Vulnerabilities

Finding and Fixing Web Application Security Vulnerabilities

  • Takes approximately 7 hours to complete

Description

Software security vulnerabilities are big business for potential attackers.

Identifying them early and knowing what common pitfalls to avoid can make a big difference to the resilience of your applications.

This course will help you to understand, identify, and avoid common software security vulnerabilities in your code.

Certification

Secure Developer: Level 1

Course objectives

  • Common web application security vulnerabilities and how to find them.
  • Approaches to avoid or reduce these vulnerabilities and how they work.
  • The challenges and trade-offs we face when implementing these controls.

Modules

Module 1: Object access vulnerabilities

  • What causes object access vulnerabilities.
  • How to identify them and understand their impact.
  • How to protect your application from this vulnerability.

Module 2: Enumeration vulnerabilities

  • What causes enumeration vulnerabilities and why they’re interesting to an attacker.
  • How to identify them and understand their impact.
  • How to protect your application from this vulnerability.

Module 3: SQL Injection vulnerabilities

  • What causes SQL injection vulnerabilities and why they’re so powerful.
  • How to identify them and understand their impact.
  • How to protect your application from this vulnerability.

Module 4: Configuration vulnerabilities

  • What causes configuration vulnerabilities and where in our stack we can find them.
  • How to identify them and understand their impact.
  • How to protect your application from this vulnerability.

Module 5: Operating system injection vulnerabilities

  • What causes operating system injection vulnerabilities and why they matter in a web application-focused world.
  • How to identify them and understand their impact.
  • How to protect your application from this vulnerability.

Module 6: Cross-site scripting vulnerabilities (XSS)

  • What causes cross-site scripting (XSS) vulnerabilities and how they are exploited.
  • How to identify them and understand their impact.
  • How to protect your application from this vulnerability.

Module 7: Passwords and authentication

  • Common password behaviors and why they happen.
  • How to securely store passwords within our applications.
  • Multi-factor authentication and the challenge of choosing the best one for your context.
  • Life beyond passwords and the future of authentication.

Module 8: Session vulnerabilities

  • What causes session vulnerabilities and the rules we can follow to protect our session identifiers.
  • How to identify them and understand their impact.
  • How to protect your application from this vulnerability.

Module 9: Using components with known vulnerabilities

  • Why software has vulnerabilities.
  • How we respond when our dependencies have vulnerabilities.
  • What the impact is of these vulnerabilities on us and the wider ecosystem.

Module 10: Path Traversal

  • What causes path traversal vulnerabilities.
  • How to identify them and understand their impact.
  • How to protect your application from this vulnerability.

Module 11: Return of the SQL Injection

  • SQL output, and how that impacts the type of injection attack.
  • How to identify and attack UNION SQL injection vulnerabilities.
  • Diving deeper into blind SQL injection vulnerabilities.

Module 12: XML External Entity (XXE)

  • What causes XML External Entity (XXE) vulnerabilities.
  • How to identify them and understand their impact.
  • How to protect your application from this vulnerability.

Try SafeStack today

Bring security skills to your entire software development lifecycle

Get started for free