Security courses by Netcraft

This is presented as a two-day in-house course for web application development teams and is preceded by the development of some bespoke material based on your own sites. It is aimed at application developers and technical managers and concentrates on how to design and code secure internet applications.

The course draws on the presenters' experience of stereotypical errors uncovered in the course of testing many web based applications. The aim of the course is to help developers ‘think security’ while developing applications, and is particularly useful as an immediate follow on after an application test.

Entertaining and useful practical sessions are a key part of the course. These include an attack on your own site and a “Treasure Hunt” whereby participants attempt to uncover vulnerabilities in applications hosted on the presenter’s machine.

Course topics

• Why web-based applications are insecure
• Problems of session management
• Getting to know your enemy
• Reconnaissance (using your own web presence as an example)
• Testing the perimeter defences
• Soft/non-technical security risks
• Defensive design and coding

The course includes practical sessions where students can attempt finding vulnerabilities in applications, and identify ways in which the problems could be fixed or avoided.