• info@securelayer7.net
+1-(302)-391-0803

What is it?

A developer builds; a pentester breaks. This workshop provides practical insight into the mind of a hacker, equipping you with the same tools hackers utilise.

The workshop is usually offered on-site, perhaps following a pentest which identified possible problems in the codebase. During the course, we'll identify the most common security issues and show your developers best practice skills for correcting them.


Who is it for?

The workshop is delivered by highly experienced pentesters who started out as developers, with the aim of making secure coding a practical skill rather than a technical burden. It is an intimate techie-to-techie workshop, limited to a maximum of 10 participants.

The course is heavily practical and tailored to you: it is delivered in the programming language you use, whether that is PHP, .NET or Java, and because the instructor signs an NDA, you can openly discuss the problems in your company's own codebase.


How can we help?

The workshop is a long-term investment: we show developers how to spot a vulnerability in code, exploit it, and fix it, and we equip them with best-practice methods for avoiding the same class of error in future. The hands-on format helps organisations build and deploy applications that are inherently more secure by promoting 'security-by-design': an ethos where security is baked into every stage of the software development life cycle, rather than the same common coding errors being fixed again and again after the fact.

Security-by-design helps by:

  • Reducing the risk exposure
  • Shortening the testing cycle
  • Reducing the requirements for re-work and retesting
  • Motivating developers by investing in their professional development and skill-set

Day 1

Aimed at raising awareness, this introductory session gives a general overview of how security testers and hackers go about finding web application vulnerabilities. Each session is a combination of instruction, demonstration and practical application where you will learn how to hack, find errors in code, fix those errors and test the fixes. We'll cover:

  • Think like a pentester - learn practical tools of the trade, how to set them up and use them properly
  • Authentication - learn best practice methods for password storage and management and user authentication
  • Session management - learn how to handle session tokens and user permissions and privileges, and observe demonstrations of session fixation and cross-site request forgery
  • Authorisation - focus on horizontal and vertical privilege escalation with a forced browsing demonstration and parameter tampering practical session
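As an added illustration of the Day 1 authorisation session (this is editor-supplied example code, not course material; the workshop itself is delivered in PHP, .NET or Java, whereas this is a self-contained Python sketch with constructed sample data), the block below shows the two escalation paths named above side by side with their fixes: a parameter-tampering attack on an invoice endpoint that never checks ownership (horizontal escalation), and forced browsing to an admin handler that never checks the role (vertical escalation). The session, invoice and handler names are assumptions for the example.

```python
"""Object-level and role-level authorisation: vulnerable handlers beside fixed ones.

Constructed example (not from the course). An invoice endpoint and an admin-only endpoint.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    """What the server knows about the caller after authentication."""
    user_id: int
    role: str  # "user" or "admin"


class Forbidden(Exception):
    """Authenticated but not authorised (HTTP 403; many apps answer 404 instead so that
    guessing ids does not reveal which ones exist)."""


# Constructed sample data. Sequential ids make guessing other users' records trivial.
INVOICES = {
    1001: {"owner_id": 1, "amount": 120.00},
    1002: {"owner_id": 2, "amount": 4800.00},
}


# --- Vulnerable handlers: they rely on the UI only ever sending "legitimate" requests ---

def invoice_vulnerable(session: Session, invoice_id: int) -> dict:
    # Parameter tampering / horizontal escalation: user 1 rewrites ?id=1001 to ?id=1002 in a
    # proxy and reads user 2's invoice, because nothing ties the record to the caller.
    return INVOICES[invoice_id]


def admin_list_vulnerable(session: Session) -> list:
    # Forced browsing / vertical escalation: the admin link is hidden from ordinary users, but
    # anyone who knows the URL reaches this handler, which never checks the role.
    return sorted({inv["owner_id"] for inv in INVOICES.values()})


# --- Fixed handlers: every request is authorised server-side against the session ---

def invoice_fixed(session: Session, invoice_id: int) -> dict:
    inv = INVOICES.get(invoice_id)
    # Object-level check: the caller must own the record. Missing and foreign ids get the
    # same answer, so an attacker cannot enumerate which ids exist.
    if inv is None or inv["owner_id"] != session.user_id:
        raise Forbidden()
    return inv


def admin_list_fixed(session: Session) -> list:
    # Function-level check: the role comes from the server-side session, never from a request
    # parameter or hidden form field that the client could tamper with.
    if session.role != "admin":
        raise Forbidden()
    return sorted({inv["owner_id"] for inv in INVOICES.values()})


def attempt(handler, *args) -> str:
    """Run a handler and report whether the request got through."""
    try:
        handler(*args)
        return "allowed"
    except (Forbidden, KeyError):
        return "denied"


def demo() -> dict:
    """The same tampered requests against both versions, sent as user 1 (an ordinary user)."""
    user1 = Session(user_id=1, role="user")
    return {
        "foreign_invoice_vulnerable": attempt(invoice_vulnerable, user1, 1002),
        "foreign_invoice_fixed": attempt(invoice_fixed, user1, 1002),
        "own_invoice_fixed": attempt(invoice_fixed, user1, 1001),
        "admin_page_vulnerable": attempt(admin_list_vulnerable, user1),
        "admin_page_fixed": attempt(admin_list_fixed, user1),
    }


if __name__ == "__main__":
    for request, outcome in demo().items():
        print(f"{request}: {outcome}")
```

The point the fixed handlers make is that authorisation is decided per request from server-side state (the session) against the object being touched; hiding links or trusting ids sent by the browser is not a control.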

Day 2

Discussing security areas in detail, these sessions include a number of demonstrations and practical applications, highlighting issues a web developer might face as well as detailing typical mistakes and how to avoid them. The sessions are:

  • More vulnerabilities - master server-side request forgeries and XML vulnerabilities with practical exercises
  • Advanced injection - focus on blind SQLi, path traversal, shell injection and advanced cross-site scripting (XSS) with demos covering content security policy, second order SQL injection, encoding and escaping
  • Cryptography - learn how to identify implementation flaws and protocol flaws in SSL certificates and security headers
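As an added illustration of the second-order SQL injection and encoding/escaping items in the Day 2 advanced injection session (editor-supplied example code, not course material; the course is delivered in PHP, .NET or Java, while this is a self-contained Python sketch using the standard-library sqlite3 module with constructed data), the block below stores an attacker-chosen username safely with a bound parameter, then shows a later password-change query that trusts the stored value and concatenates it into SQL, so the attacker resets the admin's password instead of their own. The table layout, user names and function names are assumptions for the example.

```python
"""Second-order SQL injection: the payload is stored safely, then exploited by a later query.

Constructed example (not from the course), using the standard-library sqlite3 module.
"""
import sqlite3


def setup_db() -> sqlite3.Connection:
    # Constructed sample data. Passwords are kept in clear only to keep the demo short;
    # real code stores a salted hash (the Day 1 authentication session covers this).
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, "
        "password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "alice-secret", "admin"), ("bob", "bob-secret", "user")],
    )
    conn.commit()
    return conn


def register(conn: sqlite3.Connection, username: str, password: str) -> int:
    # First-order safe: the username is a bound parameter, so quotes in it are stored
    # literally. Escaping at input time would also "pass" here and still not prevent
    # what follows, because the danger is in how the value is used later.
    cur = conn.execute(
        "INSERT INTO users (username, password, role) VALUES (?, ?, 'user')",
        (username, password),
    )
    conn.commit()
    return cur.lastrowid


def change_password_vulnerable(conn: sqlite3.Connection, user_id: int, new_password: str) -> None:
    # The username is read back from the database and treated as trusted "because it came
    # from us".
    row = conn.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    username = row[0]
    # Concatenation turns the stored payload into SQL. With username = "alice'--" this runs
    #   UPDATE users SET password = '...' WHERE username = 'alice'--'
    # and the comment swallows the closing quote, so the admin's password is reset.
    sql = "UPDATE users SET password = '%s' WHERE username = '%s'" % (new_password, username)
    conn.execute(sql)
    conn.commit()


def change_password_fixed(conn: sqlite3.Connection, user_id: int, new_password: str) -> None:
    # Bind every value, every time, whatever its origin; and key the update on the
    # immutable id rather than on a user-controlled string.
    conn.execute("UPDATE users SET password = ? WHERE id = ?", (new_password, user_id))
    conn.commit()


def password_of(conn: sqlite3.Connection, username: str) -> str:
    return conn.execute(
        "SELECT password FROM users WHERE username = ?", (username,)
    ).fetchone()[0]


PAYLOAD = "alice'--"  # attacker-chosen username; the trailing -- comments out the closing quote


def run_attack(change_password) -> dict:
    """Register the payload user, then use the ordinary password-change feature as that user."""
    conn = setup_db()
    attacker_id = register(conn, PAYLOAD, "whatever")
    change_password(conn, attacker_id, "owned")
    return {"alice": password_of(conn, "alice"), "attacker": password_of(conn, PAYLOAD)}


if __name__ == "__main__":
    print("vulnerable:", run_attack(change_password_vulnerable))
    print("fixed:     ", run_attack(change_password_fixed))
```

Against the vulnerable version the admin account "alice" ends up with the attacker's chosen password while the attacker's own row is untouched; against the fixed version only the attacker's own row changes. The lesson is that data read back from your own database is still untrusted input to the next query, so parameterisation has to be applied at every query rather than escaping once on the way in.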


Requirements

Each attendee will require a laptop with VirtualBox installed. Before the first session, you will be given a link to download a virtual machine containing the example vulnerable web application and tools required for testing so that the course can start without set-up delays.

Pricing

The two-day workshop delivered to up to 5 people is £6,000. Up to 5 more people can be added to the workshop at a cost of £500 per person. Pricing does not include reasonable expenses and travel costs for the workshop instructor, all of which are agreed in advance. Pricing excludes VAT.
