Web Application Security

Full-Day Tutorial (6 hours)

All levels

Timetable

9:00 a.m.-5:00 p.m.

Monday 12th

Audience

Anyone interested in developing their technical and security testing skills

Required

Laptop, Docker, TicketMagpie, Zed Attack Proxy or BurpSuite Free

Key-Learning

- Explore web security within agile and context driven testing, threat modelling, security heuristics, vulnerabilities, ethical hacking

A hands on testing challenge

A practical, interactive workshop, introducing and exploring web application security challenges

We know that application security is important. We have to protect our customers' data and our employers' data while keeping our systems up and running. But do we have the skills and knowledge to meet that challenge?

During this workshop, we will explore some of the skills, and techniques of security testing by working with a vulnerable web application. Through interactive hands-on learning, we will discover the key security issues that affect web applications today. Testers will learn skills to identify software vulnerabilities and understand common threats and risks that occur in web-applications. We will also examine some of the tools and utilities that can enhance and extend security testing efforts.

Building upon personal experience of integrating security testing into an existing organisation, incorporating DevOps, continuous delivery and integration, this workshop will highlight and discuss the reflections of learning from hackers, recent breaches and the socio-economic, political and technical impact upon software development organisations. Attendees will take away a set of advice and techniques to incorporate and enable security testing into their day to day work, answering some of the questions that may arise around scope, skills, tools, models and learning.