AppSec for Developers - Live Online Training

By NotSoSecure Inc.
Online event

Overview

Bring your technical cybersecurity skills up to the industry standard by training with our experienced, practicing penetration testers.

Your course

The future of secure software is in your hands. Join this extremely informative 2-day course to bring your application security and threat modelling skills up to the industry standard and widen your career prospects. Get significant hands-on experience with our popular virtual labs and learn from industry experts, practicing penetration testers with a legacy of training at Black Hat. You’ll learn how to find and fix vulnerabilities in code, how to threat model your application with a developer mindset, enhance the security culture within your dev team, and more…

Who it’s for

  • Software Developers (juniors to seniors)
  • Tech leads and Software Architects

This course is suitable for software development teams and Architects who want to build and maintain secure software. The syllabus considers different application development strategies, from preserving legacy applications to threat modelling new/existing applications.

Top 3 takeaways

  • Threat modelling applications at any stage of the development cycle
  • Practical application security skills and knowledge to use daily
  • Techniques and tools to help you code securely by second nature

What you’ll learn

This course teaches the STRIDE methodology by studying several vulnerable application designs and then trying to envision how each application can be compromised. Once a vulnerability is identified, we deep dive into the example code where it exists and then implement the best secure solution in the application. We also run attacks on the vulnerable application using real-world hacking tools and techniques to broaden the developer mindset. By the end of the course, you’ll know:

  • Everything you need to know about application security vulnerabilities, including why they occur, how they impact your applications, and what risk they pose to the wider organization
  • Threat modelling principles and defense-in-depth thinking
  • How to assess the source code to identify the vulnerable pattern
  • How to write effective mitigation against the vulnerability
  • How to manage security requirements for Agile tools
  • How to build and maintain a culture of security across the team using secure practices and tools

What you’ll be doing

You’ll be learning hands-on:

  • Threat modelling a full application one feature/section at a time
  • Brainstorming possible solutions to insecure design
  • Performing attacks on 10+ vulnerabilities using real-world tools and a live environment
  • Understanding insecure code in applications
  • Fixing these vulnerabilities so you can secure your own application
  • Discussing the security requirements for application development
  • Competing in a fast-paced Capture the Flag (CTF) game

Why it’s relevant

Have you ever developed an application without testing the code for vulnerabilities or shipped software with known security flaws? Software has become a frontline target for cybercriminals who want to disable, disrupt, and destroy systems and harm individuals. And some of the most newsworthy hacks in recent years – including credit reporting agency Equifax, telecommunications giants T-Mobile and Optus, and even the Shanghai Police – have been the result of vulnerabilities in application code. From customer data being stolen, to entire organizations going offline, secure code matters.

There are other reasons to develop your ability too. As security becomes more embedded in the way we work, employers are increasingly looking for development specialists who can demonstrate technical application security skills all the way up to CTO level. Secure coding proficiency directly correlates with your growth and career progression and can lead you into new areas.

This course is packed full of exercises and topics relevant to the current threat landscape and the latest industry-standard development systems and processes. Our syllabuses are also revised regularly to reflect the latest in-the-wild hacks and whatever proofs of concept we’ve been developing through our own research. Because they remain so up to date with the threat landscape and security industry standard, many delegates return every 1–2 years to update their skills and get a refresh.


Category: Science & Tech, Medicine

Good to know

Highlights

  • 1 day 8 hours
  • Online

Refund Policy

No refunds

Location

Online event

Organised by

NotSoSecure Inc.


From US$1,500
Nov 3 · 07:00 PST