The application layer is becoming more and more important in the work of securing our IT systems. Many applications are developed in-house as opposed to operating systems and application servers, thus security becomes dependent on our developers and our development methodology.

"Secure Application Development" is a three-day hands-on course covering vulnerabilities, secure programming and secure application esign.

"Security Features Are Not Secure Features" - Michael Howard, Microsoft Corp..

Not even the most sophisticated firewalls and security features can maintain the security of applications that have security holes and vulnerabilities. An attacker can exploit vulnerabilities to get in thought a "back door" without being authenticated and often gain full access rights. "Secure Application Development" is a practical course in the development of secure software, i.e. how to avoid security holes when designing and developing applications.

The course is based around a vulnerable server application, written specifically for the course. Step by step, you gradually learn to attack the application and then to secure it through changes in design and program code. Attacks and corresponding countermeasures include injection attacks, cross site scripting, cookie management, secure login, input validation, security logging, and more.

You get to:

• See how the vulnerabilities and security holes look like in actual code and design
• Implement various forms of security attacks on software systems
• Test the impact of security attacks
• Implement changes in design and code to secure the system
• Learn how to eliminate vulnerabilities during the development
The course is available in two variants: one focused on Java EE and one focused on .Net

More info about Java EE variant is available here (pdf).

More info about. Net version is available here (pdf).

Welcome!