In this one-day, intensive introduction to web application security, developers directly explore common code vulnerabilities and how to mitigate them. The class is full of “uh, oh” moments when developers dramatically see the consequences of failing to write secure code, followed by the “ah, ha” satisfaction of correcting their code to make the vulnerabilities disappear.
SECURE CODING TRAINING OBJECTIVES
All students will learn how to:
Validate data to defend against injection and other attacks
Gain a deep understanding of SQL injection attacks and how to defend against them
SECURE CODING TRAINING PREREQUISITES
SECURE CODING TRAINING MATERIALS
This coding class includes electronic courseware and code examples.
SOFTWARE NEEDED FOR EACH PC:
Google Chrome and any other modern web browsers with which you would like to test
Related lab files
For classes delivered online, all participants need either dual monitors or a separate device logged into the online session so that they can do their work on one screen and watch the instructor on the other. A separate computer connected to a projector or large-screen TV is another way for students to see the instructor’s screen while working on their own.
SECURE CODING TRAINING OUTLINE
Understand the Business Logic for the Data You Accept
Limit the Amount of Data You Are Willing to Accept
Use a Whitelist to Sanitize Incoming Data
Properly Handle Exceptions
Reminder: The User Interface Can Always be Bypassed