Secure Web Dev

Secure Web Development Training

MDSec’s Secure Development courses provide interactive security examples within sample applications, allowing the trainee to view secure and insecure coding patterns first-hand. We cover all applications of appsec including the OWASP Top 10 and PCI compliance points, but most of all: we promote a security mindset throughout the course, which allows trainees to see code and design as an attacker would.
The course provides the essential skills needed to embed security into an SDLC:

  • Perform code peer-reviews that include security
  • Consider abuse cases – what would you like your software not to do?
  • Mentally threat model applications
  • Find, test for and avoid vulnerabilities during development via debugging, black box testing, and code analysis

Key Points:

  • OWASP Top 10 (2013) coverage
  •  SCORM-Compliant
  • Built-in Knowledge Assessment

Course Contents

In order to minimise the impact on development teams, we typically offer our course as a 2-day course, and offer condensed versions including:

  • Online, self-paced e-learning, following SCORM-compliant materials such as videos, quizzes on each topic, and a sample vulnerable application to download
  • 1 or 2-hour briefing sessions, covering some of the most high-profile, thought-provoking hacks spread across the breadth of the subject, and discussions on how to find and avoid these at a high level.
  • A 1-day course, covering the OWASP Top 10 in brief and giving an overview of defensive techniques
  • A 2-day course, covering topics as described in the image below

A typical course outline incorporates the OWASP Top 10 (2013 Edition) at its core, with overall security context and secure design concepts in the introduction and concluding modules. Coverage is normally focused on either J2EE, .NET or PHP.









Related services include:

Ready to start testing your applications?

Speak to one of our industry experts and find out how MDSec can help your business.

+44 (0) 1625 263 503