WhiteHat Certified Secure Developer

Webinar Descriptions

  1. Introduction to Application Security for Developers

Discussion topics:

  • Review the state of applications and why they are attacked.
  • Understand the external and internal threats facing applications.
  • Emphasize the significance of security throughout the SDLC.
  • Summarize several secure design patterns that every developer should know.
  • Homework: Watch the following from the “OWASP Top Ten for Developers” CBT course:
    • A0 – Introduction to Application Security
  • Homework: Watch the following on-demand webinars:

  2. Applying Secure Design Patterns to Common Vulnerabilities

Discussion topics:

  • Review common vulnerabilities within the context of source code, including XSS, SQLi, CSRF, buffer overflow, and format string.
  • Explore secure coding design patterns necessary to thwart these common vulnerabilities.
  • Highlight third-party libraries and frameworks, where applicable.
  • Homework: Watch the following from the “OWASP Top Ten for Developers” CBT course:
    • A1 – Injection
    • A3 – Cross-Site Scripting
    • A8 – Cross-Site Request Forgery

  3. Applying Secure Design Patterns to Services and APIs

Discussion topics:

  • Review the risks of integrating with third-party services.
  • Explore secure coding design patterns necessary to securely expose a service.
  • Explore secure coding design patterns necessary to securely integrate with a service.
  • Highlight third-party libraries and frameworks, where applicable.
  • Homework: Watch the following from the “OWASP Top Ten for Developers” CBT course:
    • A2 – Broken Authentication and Session Management
    • A5 – Security Misconfiguration
    • A7 – Missing Function Level Access Control

  4. Verifying Secure Design Patterns through Testing

Discussion topics:

  • Emphasize the importance of verifying adherence to secure design patterns.
  • Introduce multiple forms of security testing, including dynamic and static testing.
  • Expose developers to security tools that can be used to facilitate manual, targeted verification.
  • Homework: Watch the following from the “OWASP Top Ten for Developers” CBT course:
    • A4 – Insecure Direct Object References

  5. Integrating Continuous Verification into the Software Development Process

Discussion topics: