Introduction to AppSec Course

We noticed existing courses tended to focus on the major categories of security issues/OWASP Top 10 and ignored common sources of breaches such as social engineering, account-based attacks, configuration issues and flawed OAuth implementations.

Furthermore, AppSec courses are often delivered by penetration testing firms and do not cover crucial approaches needed to develop secure software such as threat modeling, tooling, how to review code for security issues and balancing & prioritizing security concerns alongside other development work.

This course was created by developers who’ve moved to AppSec focused roles and we worked closely with our security partners and experts in the pen-testing world to align our curriculum with real-world issues and incidents.

The course runs over 3 half days, is technology agnostic and divided into 6 modules (all of which can be run individually):

• Security Foundations - Key concepts and terminology from reconnaissance to CVE's to Shells to hashing & encryption building blocks
• Account based attacks – Social engineering, password spraying, breaches, 2FA (and how to circumvent it)  
• Security Issues – Major categories of web-based security issues, step-by-step examples showing how they are exploited and how to prevent them
• Threat Modelling – Introduction to threat modelling practices with STRIDE
• Secure Coding Practices – How to review code for security issues, common mistakes and patterns and build and deployment pipelines
• OAuth and Tokens – OAuth overview, OAuth flows and common implementation mistakes

For further information please refer to: App SecurityTraining by Kodez

Kodez Introduction to AppSec provides an essential base-line of AppSec knowledge and skills assisting the creation of secure and robust solutions.

Talk to us today about running this training for your team.

‍

‍