SERVICES

APPLICATION SECURITY TRAINING

To produce secure software, individuals in technical roles (developers, testers, and program managers) directly involved with developing software programs must understand the risks involved and have the proper training on how to prevent or mitigate them – should they arise.

Understanding software security threats is the foundation for building better software. By allowing developers to stay informed about security basics and the latest trends in security and privacy, you’ll increase their commitment to writing more secure software.

Komodo’s application security training program covers topics such as:

Threat Modeling: Defining business objectives, user roles, data and use cases – identify threats that can compromise Confidentiality, Integrity and data availability.
Secure Design Principles: Includes attack surface reduction, defense in-depth, the principle of least privilege, and secure defaults.
Secure Coding: Includes buffer overruns mitigation, error handling, input validation, proper encoding techniques, and cryptography.
Common Attacks: Includes an introduction to OWASP top 10, SQL injections, Cross-site Scripting, and clickjacking.
Application Security Basics: a broad intro into the application security domain covering all of the above.

Our experts also develop custom training plans according to the relevant audience and your organization's needs.

Syllabus

Please find below optional syllabuses of some of the courses we offer:

1. Introduction to Application Security (.NET/Java)

a. Terminology and Basics

i. CIA

ii. Threat agent/Vulnerability

iii. Layers of attacks

b. OWASP Top 10 Web Application Security Vulnerabilities (+ Demo)

i. A1-Injection

ii. A2-Cross site Scripting (XSS)

iii. A3-Broken Authentication and Session Management

iv. A4-Insecure Direct Object References

v. A5-Cross Site Request Forgery (CSRF)

vi. A6-Security Misconfiguration

vii. A7-Insecure Cryptographic Storage

viii. A8-Failure to Restrict URL Access

ix. A9-Insufficient Transport Layer Protection

x. A10-Unvalidated Redirects and Forwards

c. How to Take Counter-Measures?

i. Secure Coding Guidelines

ii. Examples

2. Introduction to Secure Cobol Development in zOS

a. Terminology and Basics

i. CIA

ii. Threat agent/Vulnerability

iii. Layers of attacks

b. Security Risks

i. Information Exposure

ii. System Corruption

c. General Mitigation

i. Input Validation

ii. Error Handling

iii. Reduction of Complexity

iv. Secure Coding Standards

d. COBOL Batch Security Risks

i. Log Forging

ii. Path Manipulation

iii. Information Leak

iv. Privacy Violations

v. Ignored Errors

vi. Insufficient Input Validation

vii. Inappropriate or Harmful Comments

viii. Obfuscated Code

ix. Weak Encryption

3. Introduction to Secured Mobile Development (iOS/Android)

a. Mobile Security Basics

b. Mobile Threat Modeling

c. Top 10 Mobile Security Risks

i. Insecure Data Storage

ii. Weak Server Side Controls

iii. Insufficient Transport Layer Protection

iv. Client Side Injection

v. Poor Authentication and Authorization

vi. Improper Session Handling

vii. Security Decisions Via Untrusted Inputs

viii. Side Channel Data Leakage

ix. Broken Cryptography

x. Sensitive Information Disclosure

d. Mobile Security Best Practices

Secure Your Web Applications, APIs & Mobile Apps

with Advanced Black Box Penetration Testing Services

Contact Us

CONTACT

BLOG

PowerShell SMB Scanner: Lightweight Tool for Red Team SMB Enumeration (OpenSource)

2 min read

How SMB Misconfigurations Can Lead to Full Network Takeover: A Red Team Case Study

4 min read

How CISO as a Service can Improve Your Security Posture and Reduce Costs

4 min read

LET'S GET IN TOUCH

Fill out this form, give us a
call, or drop us an email and
we’ll get back to you as
soon as possible!

info@komodosec.com