Website & app security
starts 
with the code


Security knowledge transfer is one of the most important contributing factors towards embedded, scalable, cost-effective security. In today’s ever-changing technological landscape, application security is an added complexity that might be overlooked, in response, we developed our Secure Coding Workshop.

SCW-Button-1
Asset 3-1

What is it?

A developer builds; a pentester breaks. This workshop provides practical insight into the mind of a hacker, equipping you with the same tools hackers utilise.  The workshop is usually offered on-site, perhaps following a pentest which identified possible problems in the codebase. During the course, we'll identify the most common security issues and show your developers best practice skills for correcting them.

Asset 1-1

Who is it for?

Highly-experienced pentesters who were developers deliver this workshop with the intention of making secure coding a practical skill rather than a technical burden. It’s an intimate techie-to-techie workshop, limited to a maximum of 10 participants. Our heavily practical course is tailored to you, delivered in the programming language you use, whether that is PHP, .NET, or Java and because our course deliverer signs an NDA, you can openly discuss the problems in your company’s codebase.

Asset 2-1

How can we help?

We offer a long-term investment, showing developers the best way to spot a vulnerability in code, exploit the vulnerability and how to fix it. We’ll also equip developers with best-practice methods to avoid these types of errors in future. Our hands-on coding workshop helps organisations develop and deploy applications that are inherently more secure, by promoting ‘security-by-design’: an ethos where security is baked into every stage of the software development life cycle rather than fixing repeated common coding errors.

Security-by-design helps by:

  • Reducing the risk exposure
  • Shortening the testing cycle
  • Reducing the requirements for re-work and retesting
  • Motivating developers by investing in their professional development and skill-set

SCW-Button-1

Day 1 

Aimed at raising awareness, this introductory session gives a general overview of how security testers and hackers go about finding web application vulnerabilities. Each session is a combination of instruction, demonstration and practical application where you will learn how to hack, find errors in code, fix those errors and test the fixes. We’ll cover:

  • Think like a pentester - learn practical tools of the trade, how to set them up and use them properly
  • Authentication - learn best practice methods for password storage and management and user authentication
  • Session management - learn how to handle user permissions and privileges and session tokens and observe demonstrations on session fixation and cross-site request forgery
  • Authorisation - focus on horizontal and vertical privilege escalation with a forced browsing demonstration and parameter tampering practical session

Day 2

Discussing security areas in detail, these sessions include a number of demonstrations and  practical applications, highlighting issues a web developer might face as well as detailing typical mistakes and how to avoid them. The sessions are:

  • More vulnerabilities - master server-side request forgeries and XML vulnerabilities with practical exercises
  • Advanced injection - focus on blind SQLi, path traversal, shell injection and advanced cross-site scripting (XSS) with demos covering content security policy, second order SQL injection, encoding and escaping
  • Cryptography - learn how to identify implementation flaws and protocol flaws in SSL certificates and security headers
SCW-Button-1
Asset 1-2

Requirements

Each attendee will require a laptop with VirtualBox installed.  Before the first session, you will be given a link to download a virtual machine containing the example vulnerable web application and tools required for testing so that the course can start without set-up delays.

Asset 6

Pricing

The two-day workshop delivered to up to 5 people is £6,000. Up to 5 more people can be added to the workshop at a cost of £500 per person. Pricing does not include reasonable expenses and travel costs for the workshop instructor, all of which are agreed in advance. Pricing excludes VAT.
SCW-Button-1

Why Secarma?

We love what we do, and we’re passionate about cybersecurity. Since we started out in 2001 (formerly as Pentest Ltd), we’ve continuously invested in research, technology, our people, and the depth of security services we offer.

We understand that developers face pressure to deliver secure applications against a backdrop of increasingly sophisticated techniques. Our workshop leaders are former developers who understand this pressure and who call upon their unique skill-set as penetration testers to impart their knowledge of secure coding.

It’s through this unique mix of training and experience, that we’re able to help protect your business.

Register your interest