Nullcon Sep Online Training 2021

Trainer Names: Gaurav Nayak, Mihir Doshi

Title: Now You Code SECURE - Secure Code Training

Duration: 4 Days

Dates: Sept. 23, 2021 To Sept. 26, 2021

Time: 10 a.m. To 2 p.m.

Training objective:

A lack of secure coding may lead to security vulnerabilities that put the organization and its customers at risk.

For a long time, Java has been widely used to develop web applications. Due to its popularity, there has been a huge growth in its community, third-party modules/libraries, and frameworks. There are many reasons to learn secure coding; one of them is that developers often directly use solutions from the community or third-party modules without understanding their security implications.

This training provides a guide to writing secure code and guarding against security vulnerabilities. This training will help you with:

  • Understanding secure coding best practices
  • Understanding security vulnerabilities and their impact
  • Understanding common mistakes at the code level
  • Guidance on fixing vulnerabilities through secure coding

Training level: Intermediate; Advanced

Training outline:

* Day 1:

  • Why is Application Security needed?
  • Reactive vs. Proactive approach
  • OWASP Top 10 2017 (Web)
  • SQL Injection
  • Cross Site Scripting

* Day 2:

  • XML External Entity (XXE)
  • Command Injection
  • Regular Expression Injection
  • CSRF
  • Open Redirection
  • Insecure File Upload

* Day 3:

  • Access Control Flaw
  • Insecure Deserialization
  • Insecure Session Management
  • LFI vs RFI
  • SSRF
  • Business Logic

* Day 4:

  • SSTI
  • Insecure Communication
  • Clickjacking
  • Error Handling
  • Best Practices
    • Input Validation
    • User Authentication
    • Security headers
    • Password Handling
    • Logging and Auditing

What to bring:

  • Laptop with a good configuration and admin privileges
  • VirtualBox or VMware Workstation
  • Burp Suite Community or Pro

Training prerequisites:

  • Basic programming knowledge
  • Basic understanding of Java (Servlet/JSP)
  • Basic knowledge of Burp Suite (good to have)
  • Willingness to learn something new

Who should attend?

  • Security Analysts/Consultants
  • Security enthusiasts
  • Java application developers

What to expect?

  • Developers can expect to learn to code securely
  • Security analysts/consultants can expect to learn secure code review
  • Hands-on exercises on a real-life application

What attendees will get:

  • All training content
  • VM containing the vulnerable application

About the Trainer

Gaurav Nayak is an information security professional with 8+ years of corporate experience and expertise in web and mobile application security, secure source code review, and development. He is active in open security communities such as null and OWASP, and in the past he has also given talks at such local communities. In his spare time, he loves learning about binary exploitation and trekking.

Mihir Doshi is an information security enthusiast with 6+ years of corporate experience. His expertise is in web and mobile application security assessment, and in development. He is active in open security communities such as null and OWASP, and in the past he has also given talks at such local communities. He spends his spare time learning IoT security, popping machines on Hack The Box, and playing games.