OWASP Top Ten Secure Development Training

A first step towards secure code

Introduction

The OWASP Top Ten is a great place to start when learning about application security. OWASP is the Open Web Application Security Project and is a non-profit organisation that aims to educate individuals and organisations about web application security. They organise events, sponsor projects and run local chapter meetings to promote awareness of both offensive and defensive application security techniques.

Every three years (roughly) they publish something called the OWASP Top Ten which is a list of the ten most common web application security flaws seen in the real world and defence against these issues is intended as a good first step to secure software.

Our training

Our OWASP Top Ten for Developers training is an intensive half-day workshop that aims to provide developers with an understanding of these weaknesses, how they manifest themselves, how hackers find them and what the impact can be and then, most importantly, we explain how to code defensively to prevent these weaknesses. We explain what works and what doesn’t and some common issues we encounter during our penetrating testing engagements.

Benefits

Reduce Security Bugs

Get your developers up to speed on common application security issues and start to reduce the number of bugs in your software.

Reduce Security Testing Costs

Remove common issues earlier in the Software Development Lifecycle and save time and money on costly fixes once the pentesters have reviewed your application.

Compliance

Our OWASP Top Ten Secure Development training helps you meet your compliance requirements. For example, this workshop addresses PCI DSS requirement 6.5.

Raise Awareness

Your development team is focused on functional delivery. By raising awareness of malicious attack techniques through demonstration your developers can factor this knowledge into software design decisions. Result = more secure software.

What To Expect

Overview

The workshop runs for half a day though it can be extended by incorporating more practical examples if desired. The course is delivered on site at your office though if you prefer an external training facility can be booked or you can come to our office in Northamptonshire. We can accommodate up to around ten attendees.

Workshop Outline

Our workshop walks attendees through the OWASP Top Ten. Each issue is introduced, practical examples are given using our application security labs to show the potential impact, then defensive approaches are discussed. The workshop covers the following issues:

  • A1 – Injection
  • A2 – Broken Authentication and Session Management
  • A3 – Cross-Site Scripting (XSS)
  • A4 – Insecure Direct Object References
  • A5 – Security Misconfiguration
  • A6 – Sensitive Data Exposure
  • A7 – Missing Function Level Access Control
  • A8 – Cross-Site Request Forgery
  • A9 – Using Components with Known Vulnerabilities
  • A10 – Unvalidated Redirects and Forwards

Requirements

There are only two requirements we have for delivering the workshop at your office:

  • Projector with VGA or HDMI connector
  • Power

Resources

Download the information on this OWASP Top Ten Secure Development Workshop as a PDF.


Next Steps

Want to discuss your requirements further? Wondering whether OWASP Top Ten Secure Development Training is right for your business? There's an easy way to find out, give us a call or complete the contact form below to tell us where you're at and we will work with you to find the best solution for you.