This is the course to take if you have to defend web applications!
The quantity and importance of data entrusted to web applications is increasing, and defenders need to learn how to secure these critical data. Traditional network defenses such as firewalls fail to secure web applications. In covering the OWASP Top 10 Risks and beyond,
The course will present mitigation strategies from an infrastructure, architecture, and coding perspective alongside real-world techniques that have been proven to work. We'll introduce the nature of each vulnerability to help you understand why it happens, then we'll show you how to identify the vulnerability and provide options to mitigate it.
To maximize the benefit for a wider range of audiences, the discussions in this course will be programming language agnostic. The focus will be maintained on security strategies rather than coding-level implementation.
You Will Learn:
- How to comprehensively remediate common web application vulnerabilities.
- How to apply defensive application design and coding practices to avoid security vulnerabilities.
- The HTTP protocol and new technologies such as HTTP/2, QUIC (HTTP/3), and Websockets that affect the protocol stack.
- How to move away from basic web application security principles of "validating more" and implement effective security controls against vulnerabilities that input validation simply does not fix.
- How to customize, implement, and maintain a baseline security standard for the web applications development lifecycle (SANS SWAT checklist), improving security and reducing exposure to common vulnerabilities such as the OWASP Top 10 Risks.
- How to leverage HTTP header-level protection to apply strong defense systems on the client side by building another layer of defense on top of secure coding on the server side.
- How to design better and stronger security architecture that includes infrastructure aspects in the design process.
- How to leverage and uplift the modern security features in the web browser to further enhance the overall security of the application
Hi, I’m MSSASSI Souhail
He is a Cyber Security Consultant resident in Morocco, he has a 4+ years experience in cybersecurity in offensive Security specialized in application security, cryptography and security of decentralized applications,
He conducted several audit missions, particularly in the banking sector, especially in their infrastructures. In parallel, he also does research in the field of security especially everything related to cryptography.