Website & app security
starts with the code

Security knowledge transfer is one of the most important contributing factors towards embedded, scalable, cost-effective security. In today’s ever-changing technological landscape, application security is an added complexity that might be overlooked. In response, we developed our Secure Coding Workshop.


Day 1

Aimed at raising awareness, this introductory session gives a general overview of how security testers and hackers go about finding web application vulnerabilities. Each session is a combination of instruction, demonstration and practical application where you will learn how to hack, find errors in code, fix those errors and test the fixes. We’ll cover:

  • Think like a pentester - learn practical tools of the trade, how to set them up and use them properly
  • Authentication - learn best practice methods for password storage and management and user authentication
  • Session management - learn how to handle user permissions and privileges and session tokens and observe demonstrations on session fixation and cross-site request forgery
  • Authorisation - focus on horizontal and vertical privilege escalation with a forced browsing demonstration and parameter tampering practical session

Day 2

Discussing security areas in detail, these sessions include a number of demonstrations and practical applications, highlighting issues a web developer might face as well as detailing typical mistakes and how to avoid them. The sessions are:

  • More vulnerabilities - master server-side request forgeries and XML vulnerabilities with practical exercises
  • Advanced injection - focus on blind SQLi, path traversal, shell injection and advanced cross-site scripting (XSS) with demos covering content security policy, second order SQL injection, encoding and escaping
  • Cryptography - learn how to identify implementation flaws and protocol flaws in SSL certificates and security headers

Requirements

Each attendee will require a laptop with VirtualBox installed. Before the first session, you will be given a link to download a virtual machine containing the example vulnerable web application and tools required for testing so that the course can start without set-up delays.

Pricing

The two-day workshop delivered to up to 5 people is £6,000. Up to 5 more people can be added to the workshop at a cost of £500 per person. Pricing does not include reasonable expenses and travel costs for the workshop instructor, all of which are agreed in advance. Pricing excludes VAT.


Why Secarma?

We love what we do, and we’re passionate about cybersecurity. Since we started out in 2001 (formerly as Pentest Ltd), we’ve continuously invested in research, technology, our people, and the depth of security services we offer.

We understand that developers face pressure to deliver secure applications against a backdrop of increasingly sophisticated techniques. Our workshop leaders are former developers who understand this pressure and who call upon their unique skill-set as penetration testers to impart their knowledge of secure coding.


Secarma Accreditations: Crest Accredited, IT Health Check Service, ISO 9001, ISO 27001, Cyber Essentials Accreditation