• Classroom
  • Online, Instructor-Led
  • Online, Self-Paced
Course Description

This course is designed to equip students with the knowledge and tools needed to identify and defend against security vulnerabilities in software applications. Students will put theory to practice by completing real world labs that include testing applications for software vulnerabilities, identifying weaknesses in design through architecture risks analysis and threat modeling, conducting secure code reviews and more. On the final day of training, students will complete a real world hacking exercise on a live web application.

Upon completion, attendees should have the skills to perform the following:

  • Identify application security vulnerabilities in any software application
  • Review software architecture diagrams and identify attack points
  • Perform web application penetration testing
  • Design controls to defend against application vulnerabilities
  • Identify vulnerabilities as they relate to the OWASP Top 10
  • Perform advanced attacks against web applications
  • Perform security code reviews
  • Develop security test scripts
  • Build a web hacking toolbox
  • Integrate security best practices into the Software Development Lifecycle (SDLC)
  • Communicate to both technical and non-technical individuals concerning application vulnerabilities

Objective Of Labs:

This is an intensive hands-on class; you will spend 50% of student class time performing labs focusing on both the OWASP model as well as the technicalities that detail PCI compliance in respects to secure coding.

This 4-day course retails for $3,500.

Learning Objectives


Module 0: Web Application Intro

Module 1: Software Security Explained

Module 2: Risk Management

Module 3: Secure Architecture Design

Module 4: OWASP Top 10

Module 5: Threat Modeling

Module 6: Software Security Vulnerabilities

Module 7: Other Vulnerabilities

Module 8: Overview of Secure Coding

Module 9: Secure Coding Principles

Module 10: Secure Software Development Lifecycle

Module 11: PCI Data Security Standard

Module 12: Web 2.0

Module 13: Other Key Items

Module 14: Selling Security to Management

Module 15: Web Application Penetration Testing


Module 1 - Environment Setup and Architecture

Module 2 - OWASP TOP 10 2013

Module 3 - Threat Modeling

Module 4 - Application Mapping & Analysis

Module 5 - Authentication and Authorization attacks

Module 6 - Session Management attacks

Module 9 - AJAX Security

Module 10 - Code Review and Security Testing

Lab 10-1 - Code Review

Lab 10-2 Security Test Scripts

Lab 10-3 Writing Java Secure Code

Annex 11: Alternatives Labs

Lab 11-1: WebGoat & Webscarab

Lab 11-2: WebGoat - Cross Site Request Forgery (CSRF)

Lab 11-3: Missing Function Level Access Control

Lab 11-4: Perform Forced Browsing Attacks

Framework Connections