Check Point/AppSec for Developers (CCPE)

AppSec for Developers (CCPE) Certification Training Course Overview

Overview

During this 2-day course, developers will get on the same page with security professionals, understand their language, learn how to fix or mitigate the vulnerabilities covered in class, and get acquainted with some real-world breaches. The techniques discussed in this class focus mainly on .NET, Java and NodeJS technologies owing to their wide adoption in enterprise web application development. However, the approach is kept generic, so developers from other language backgrounds can readily grasp the material and apply it within their own environments. Delegates will participate in a CTF challenge in which they identify vulnerabilities in code snippets derived from real-world applications.

Target Audience
This course is ideal for Web/API developers who work day in, day out building full-stack web applications or web APIs. Anyone looking to develop a skill set in web application security and learn to identify web application flaws can also benefit from this course.
 
Learning Objective
  • Covers industry standards such as OWASP top 10 with a practical demonstration of vulnerabilities complemented with hands-on lab practice.
  • Provides insights into the latest security vulnerabilities (such as host header injection, XML external entity injection, attacks on JWT tokens, deserialization vulnerabilities).
  • Offers thorough guidance on best security practices (Introduction to various security frameworks and tools and techniques for secure application development).
  • Makes real-world analogies for each vulnerability explained (understand and appreciate why Facebook would pay $33,000 for an XML External Entity Injection vulnerability).
 

AppSec for Developers (CCPE) (16 Hours)


Course Modules

Module 1: Application Security Basics
  • Why do we need Application Security?
  • Understanding OWASP TOP 10 2017
Module 2: Understanding the HTTP Protocol
  • Understanding HTTP/HTTPS protocol
  • Understanding Requests and Responses - Attack Surface
  • Configure Burpsuite to intercept HTTP/HTTPS traffic
Module 3: Security Misconfigurations
  • Common misconfigurations in Web applications
  • Sensitive Information exposure and how to avoid it
  • Using software with known vulnerabilities
Module 4: Insufficient Logging and Monitoring
  • Types of Logging
  • Introduction to F-ELK
Module 5: Authentication Flaws
  • Understanding Anti-Automation Techniques
  • NoSQL Security
  • Understanding WebAuthn – Passwordless Authentication Framework
Module 6: Authorization Bypass Techniques
  • Securing JWT and OAuth
  • Local file Inclusion
  • Mass Assignment Vulnerability
Module 7: Cross-Site Scripting (XSS)
  • Types of XSS
  • Session Hijacking
  • Mitigating XSS
Module 8: Cross-Site Request Forgery (CSRF)
  • Understanding CSRF
  • Mitigating CSRF
Module 9: Server-Side Request Forgery (SSRF)
  • Understanding SSRF
  • Mitigating SSRF
Module 10: SQL Injection
  • Error and Blind SQL Injections
  • Mitigating SQL Injection
  • ORM Framework: HQL Injection
Module 11: XML External Entity (XXE) Attacks
  • Default XML Processors == XXE
  • Mitigating XXE
Module 12: Unrestricted File Uploads
  • Common Pitfalls around file upload
  • Mitigating File upload vulnerability
Module 13: Deserialization Vulnerabilities
  • What is Serialization?
  • Identifying Deserialization functions and deserialized data
  • Mitigation strategies for deserialization
Module 14: Client-Side Security Concerns
  • Understanding Same Origin Policy
  • Client-Side Security headers and their server configurations
Module 15: Source Code Review
  • What to check for Security in source code
  • CTF: A timed game to spot the flaws in the given Source Code samples
Module 16: DevSecOps
  • DevSecOps - What Why and How?
  • Case Study
Course Prerequisites
Delegates need a basic understanding of how web applications work; those who currently develop web applications have an added advantage. This training is programming-language agnostic.