Course Description

This course introduces security concepts to members of the application team. This includes business analysts, developers, quality assurance, project managers, etc. Students will be introduced to common security terminology and concepts related to secure application development.

Team members will gain an understanding of foundational concepts, such as the OWASP Top 10. This course focuses on teaching the concepts behind security vulnerabilities so each student understands the issue and its impact.

Application Security Professional

James Jardine

James Jardine is the CEO of Jardine Software Inc. He started his career as a developer, working on all types of projects across web, mobile, and desktop. James has spent the last 7 years focusing on application security. His over 15 years of combined experience provide a unique insight into both development and security for applications. James has presented and trained at Derbycon, Blackhat, Infosecworld, Hacker Halted and many others. He was previously an author and instructor at the SANS Institute where he taught the Secure Coding in .Net course.

Course curriculum

  • 1

    Introduction

    • Introduction to Application Security

    • Intro to OWASP

    • Resources and Links

  • 2

    Injection

  • 3

    Cross Site Scripting

    • XSS Brief Overview

    • Cross-Site Scripting

    • Demo - X-XSS-Protection

    • Demo - Content Security Policy

    • Demo - Output Encoding

  • 4

    Cross Site Request Forgery

    • CSRF Overview

    • CSRF Walkthrough - Part 1

    • CSRF Walkthrough - Part 2 (Remediation)

  • 5

    Sensitive Data

    • Sensitive Data Intro

    • Password Storage

  • 6

    Authentication and Sessions

    • Authentication

    • Forgot Password

    • Authorization

    • Security Questions

    • Insecure Direct Object Reference

    • Intro to Cookies

    • Session Management

    • Session Fixation

    • Resources and Links

  • 7

    3rd Party Code

    • 3rd Party Code

    • Resources and Links

  • 8

    Open Redirect

    • Insecure Redirect

    • Walkthrough - Open Redirect (Login)

  • 9

    Server Side Request Forgery

    • SSRF - Overview

    • Walkthrough - SSRF
