Threat Modelling & Web Application Security

Learn how to protect your web application from vulnerabilities and common attacks 

Who Should Attend?

Organisations that want to understand more about how to protect themselves from online attack.

Course Duration

1 Day

Course Overview

The course is centred around the principle of understanding, documenting and modelling threats and mitigations. Each element of the course provides sections for discussion, demonstrations, examples and extensive use of practical elements. These are then linked back to the data flow diagram and threat model. The course also examines problems commonly found in situations like corporate intranets, cloud deployments and open source projects.

Course Outputs

By the end of the course, delegates will be able to:
  • Identify and fix security flaws that exist both within their own code and within the environment into which it will be deployed.
  • Ask the important questions when evaluating security risks.
  • Model their designs in a way that exposes potential attacks.
  • Think from the perspective of an attacker.
  • Mitigate the most common attack vectors, produce designs that expose the smallest possible target to attackers, and conduct audits and code reviews.

Course Conduct

During the course, delegates will work with some of the common tools used by potential attackers and understand how to test applications for security issues. The delivery is highly interactive and practical, with delegates spending a significant portion of their time compromising the sample applications. It includes a comprehensive, guided and fast-paced leaderboard session (‘capture the flag’), which helps cement the previous exercises by exploring and practising penetration and security testing techniques.