• Flag USA
  • Flag SPA

AppSec for Developers

A highly-practical class that targets web developers, pentesters, and anyone else wanting to write secure code, or audit code against security flaws. The class covers a variety of the best security practices and in-depth defense approaches which developers should be aware of while developing applications. The class also covers some quick techniques which developers can use to identify various security issues throughout the code review process.

Students can access our online lab which is purposely riddled with multiple vulnerabilities. Students will receive demonstrations and hands-on practice of the vulnerabilities to better understand and grasp the issues, followed by various techniques and recommendations on how to go about fixing them. While the class covers industry standards such as OWASP Top 10 and SANS top 25 security issues, it also covers real world issues like various Business Logic and Authorization flaws.


  • Covers latest industry standards such as OWASP Top 10 with practical demonstrations of vulnerabilities complemented with Hands-on Lab practice.

  • Insight into the latest security vulnerabilities (such as Host Header Injection, XML Entity Injection,Web-Services and API Security).

  • Thorough guidance on the best security practices (Introduction to various Security Frameworks and tools and techniques for Secure Development).

  • References to real world analogy for each vulnerability (Understand and appreciate why Facebook would pay $33,000 for XML Entity Injection Vulnerability?).

  • Online Lab available for practicing during and after the course (2 Days).

  • Internet distribution of all course materials.

Day 1:

  • Application Security Basics

  • Understanding the HTTP protocol

  • Security Misconfigurations

  • Authentication Flaws

  • Authorization Bypass

  • Cross Site Scripting (XSS)

Day 2:

  • Cross Site Request Forgery (CSRF)

  • SQL Injection

  • XML External Entity (XXE) Attacks

  • Insecure File Uploads

  • Client Side Security

  • Source Code Review

  • Threat Modelling

Who should take this class?

This training is ideal for: Software/Web developers, PL/SQL developers, Penetration Testers, Security Auditors, Administrators, DBAs and Security Managers.

Training is offered in-house or publicly, depending on the number of candidates. Contact us for more information.
Dominating Burp Suite
Learn how to use both the typical functions and the lesser-known ones hidden among the tabs of Burp Suite. Develop your first extension in Python, Ruby, or Java and leverage the API.
20 hr
Web Hacking
The attendees will learn about tools and techniques to hack components involved in Web Applications and will leave with a solid understanding of the concepts upon which these tools are based.
20 hr
AppSec for Developers
Covers a variety of best security practices and in-depth defense approaches of which developers should be aware, as well as some quick techniques to identify various security issues.
20 hr

Let's Work Together


    • Technical & Dev Lab:
      Corrientes Av. 1386 9° 14° Floor
      C1043ABN Buenos Aires, Argentina
      18585 Coastal Highway, Unit 10 #365
      Rehoboth Beach, DE 19971, United States