IT Professionals New Zealand | Te Pou Hangarau Ngaio

Hands-on security: Testing your web apps for exploits

Security is a fundamental part of web development, software development or cloud services within an organisation. But often devs, managers and other staff with responsibility don't have the tools or knowledge to take a formal structured approach to minimising risk.

Our new "Hands-on security" course is a comprehensive one-day course covering the most common current web security exploits and the tools that developers, testers, engineers and security analysts can use every day to detect and protect against vulnerabilities.

Duration:Full Day

The workshop covers the following:

As well as covering general security principles, this course will cover off tools, code and documentation, for example:

Tools:

• Zed Attack Proxy (web app vulnerability scanner)
• Offensive Web Testing Framework
• Web Testing Environment Project
• Dependency checking

Code:

• ModSecurity Core Rule Set Project
• CSRFGuard Project
• Appsensor Project

Documentation:

• Application security verification project
• Software Assurance maturity model
• OWASP Top Ten Project
• Testing Guide project 

Objectives

At the end of the course attendees will:

• Have developed a working knowledge of frameworks (such as OWASP)
• Have developed hands-on familiarity with several security assessment tools (specifically ZAP and OWTF)
• Understand what is required for an application to meet Application Security Verification Standards
• Understood the principles and value of intruder detection systems and dependency checking
• Understand security assessment management tools such as the developer guide, code guidelines, and static analysis tools
• Gain awareness of upcoming security projects
• Have some practical tools and skills they can immediately apply within their organisation 

Target Audience

Anyone responsible for web development, software development or cloud services within an organisation including dev teams, testers, security analysts, managers and more.

About The Trainer

Dr Elf Eldridge is a consultant for security consultancy Cyber Toa. Previously he taught computer science, engineering, physics and mathematics at Victoria Univerity of Wellington from 2013-2017 after obtaining his PhD through The MacDiarmid Institute for Advanced Materials and Nanotechnology.

Registration Details:

You can register for this event via Credit Card online now by using the link below, or alternatively call 0800 252 255 with your Credit Card details.

ITP Corporate Partners and approved organisations can opt to pay by invoice by calling 0800 252 255 or emailing attendee and business details through to [email protected]. Credit criteria and other conditions apply.