Cybersecurity Training

Web Application Security


Building and Breaking: Web Applications

Our “Building and Breaking” series is ideal for those looking to build more secure web applications and harden their systems against attacks. This course aims to give the “Attacker Perspective” to software development teams to enable them to better understand how these attacks take place, and therefore better secure their applications against potential attacks.

Course Overview

This course covers a wide range of security vulnerabilities commonly found within web applications, as well as guidance on how to remediate those specific vulnerabilities and general guidance on hardening applications against attack.

We also have hands-on labs to let you test your understanding and experiment with common real-world vulnerabilities. Instead of just showing you vulnerabilities through a presentation, we give an overview of the vulnerability, demonstrate it on an example vulnerable application, then discuss strategies to address the underlying cause of the issue.

On the day, we’ll start with the OWASP Top 10 and cover basic but key vulnerabilities such as Injection and Cross-site Scripting, before moving on to more complex issues such as filter evasion and business logic issues.

The Methodology

There’s more to effective security testing and secure system development than just knowing about vulnerabilities and their exploitation – we also cover the stages of a penetration test to ensure that your approach to security testing achieves good coverage:

  • Intelligence Gathering
  • Application Mapping
  • Vulnerability Discovery
  • Exploitation and Filter Evasion
  • Proof-of-Concept Development
  • Privilege Escalation

Hands-on Labs

Our bespoke hands-on labs cover common vulnerabilities with a range of difficulties and filters, allowing you to ensure that you’ve understood the fundamentals of a vulnerability before moving on to more challenging examples. We have a range of labs, such as:

  • Injection Vulnerabilities
  • Reflected and Stored Cross-site Scripting (XSS)
  • DOM-based Cross-site Scripting
  • Path Traversal
  • File Upload and Web Shells

Remediation

Whilst it’s often the least talked about part of security testing, remediation is of course the most important. It doesn’t matter how many vulnerabilities you find if you can’t quickly and effectively explain to the team how they can fix them. For each vulnerability covered we will discuss a specific remediation, as well as giving examples of hardening options throughout to make applications more resilient to attacks in general.

This course is ideal for software developers looking to reinforce their foundational knowledge, stay ahead of evolving threats, and proactively secure their organisation’s web applications against attacks.

Benefits of our bespoke workshops:

Raise cybersecurity awareness within your organisation.

Up-skill your technical teams on how to more effectively defend your systems.

Deploy and improve internal protections to defend against attacks.

Our other training courses

Building and Breaking: Networks and Infrastructure

Our “Building and Breaking” series is ideal for those looking to break into cyber security as a career or develop their security testing skills. So whether you’re a system admin looking to build more secure networks, or wanting to become a penetration tester in the future – this course will ...

Security Awareness Training

Awareness Training can be a key part of reducing the risk of threats such as social engineering and phishing – but many companies struggle to put together effective security awareness training sessions. It’s an understandable problem though, putting together a talk about passwords and emails, but keeping it interesting, is ...

In addition to Cybersecurity Training we also offer Penetration Testing and Cybersecurity Consultancy to offer a comprehensive suite of cybersecurity services.

Penetration Testing

Penetration Testing is one of the most effective ways to assess your systems’ security, discover vulnerabilities, and determine the real-world risk of any vulnerabilities that are present.

It goes much further than simply checking for missing software updates or weak passwords. Plus, it’s more effective than simple vulnerability scanning.

Cybersecurity Consultancy

From security architecture to security assessment, we offer a wide range of services to ensure the protection of your assets. We use a highly flexible methodology to ensure that our services are fully aligned to your needs, delivered by a bespoke team with the precise skills and depth of experience needed to understand your issues and then effectively deliver the desired outcome. With our security assurance services, you can have peace of mind knowing that your systems and data are well-protected.

CONTACT US


WE CAN FIND YOUR VULNERABILITIES

BEFORE YOU ARE BREACHED

GET IN TOUCH
