WhiteHat Security Delivers New Crash Course Series to Grow AppSec Expertise

Written by David Marshall

Today, WhiteHat Security, leading application security provider, launched its "Crash Course" series, which includes three webinars run by Kimberly Chung, who runs the Threat Research Center's WhiteHat Academy.

"WhiteHat has made a major commitment to educating and training the wider security and developer community. The WCSD program, Crash Course series and on-demand technical webinars-all provided for free-- demonstrate the company's long-term commitment to supporting industry professionals and helping them fulfill their potential," commented Eric Sheridan, chief scientist at WhiteHat and leader of the WCSD program.

The series complements the successful WhiteHat Certified Secure Developer (WCSD) program, which has enrolled more than 3,300 people and certified more than 500 developers in 2017 alone. The series is specifically tailored for application developers, security analysts, architects, managers or auditors and any security professionals interested in learning how web application security is key to vulnerability management. 
 

"It's only through education initiatives such as these that application security can be improved and the vital close cooperation between security practitioners and developers can be achieved," continued Sheridan.  

The new Crash Course training series focuses on defending against the most common and critical web application vulnerabilities, starting with secure design and coding practices. The series will help participants develop a better understanding of how to identify threats and implement defensive tactics when securing apps against exploitation. The three-part series begins later this month (April 24) and continues with additional training webinars in May and June (May 15 and June 5, respectively). Registration is available now, and all participants will receive CPE credits for each course completed.

Topics
Addressed:


• Sensitive Data Exposure: Introduction to web application security concepts such as testing methodologies, threat modeling, the reconnaissance phase of testing and some of the most common vulnerabilities that lead to sensitive data exposure, such as: information leakage, fingerprinting, directory indexing, and server/application misconfiguration.

• Injection-based Vulnerabilities: Introduction to some of the most critical injection-based vulnerabilities as described in the OWASP top 10 and walk throughs of how these attacks play out in conjunction with social engineering. Vulnerabilities covered: improper input handling, SQL and XML injection, cross site scripting, content spoofing, and URL redirector abuse.

• Broken Authentication/Access Control: Introduction to how hackers can circumvent access controls and application logic to gain access to sensitive content and functionality. Vulnerabilities covered: brute force, insufficient authorization/authentication, insufficient session expiration, session prediction, cross site request forgery, and insufficient process validation.

Security professionals can also register for the on-demand WhiteHat Certified Secure Developer (WCSD) program, available at no cost and consisting of five on-demand training webinars. Additionally, WhiteHat is also offering an on-demand version of the "Security Addendum to the Twelve Factor App" based on the Twelve Factor App, a methodology that developers can apply to build software-as-a-service apps that are both scalable and maintainable in a DevOps world.