Developer Application Security Awareness Training

A crucial first step in building an effective Secure Development Lifecycle in a software development team

Training Program

The Application Security Awareness Training covers the material recommended by OWASP SAMM and goes far beyond it. The program spans five sessions, each about three hours long.

Day 1: Intro to Application Security

  • World's Biggest Data Breaches and Application Security.
  • Threat actors, attack vectors, and vulnerability classes.
  • HaveIBeenPwned’s secure protocol for password verification.
  • The state of the Application Security industry.
  • AppSec resources and communities.
  • Burp Suite basic configuration.
  • Web Security Academy introduction.

Day 2: Application Security Basics

  • Software vulnerability types, NVD, CVE. Vulnerability risk level. Using the CVSS calculator.
  • Vulnerability examples: OWASP Top 10, CWE, and VRT.
  • Attack narrative and Attack Kill Chain. MITRE ATT&CK matrix. Using ATT&CK Navigator.
  • OWASP Testing Project and the WSTG.
  • Secure development and the OWASP ASVS.

Day 3: Security Architecture Fundamentals

  • Fundamental security engineering principles.
  • Secure SDLC and common Application Security practices.
  • OWASP Software Assurance Maturity Model (SAMM).
  • Threat Modeling. Using OWASP Threat Dragon.
  • Security requirements and security testing.
  • Installing and configuring DVWA and OWASP Juice Shop.
  • Web Security Academy labs (SQLi).

Day 4: Secure Development and Security Testing

  • Secure supply chain and dependencies security.
  • Code security review basics, techniques, and tools.
  • SAST basics, working with Sonar.
  • DVWA testing and code review exercises (CI, XSS, SQLi).
  • Web Security Academy labs (XSS, CSRF).

Day 5: Deep Dive in Security Testing

  • Requirements-based testing.
  • Design and architecture review.
  • Web Security Academy labs (XXE, SSRF, SSTI).
  • Cloud security testing basics. Using ScoutSuite.

    Prior Knowledge

    We offer the training to software development teams, so there is no specific set of requirements to meet. To fully grasp the content of the training, the students should already have experience in software development and related skills.

    Training Cost

    The Application Security Awareness Training price for one group of 16 students is 5,000 EUR (VAT excluded). As always, returning customers get a 15% discount off this price starting from the second learning group.

    Trainers

    The Application Security Awareness Training is taught by our lead experts, who have vast practical experience in application security as well as a project management and business consulting background in this area.

    The trainers have excellent presentation skills and can deliver the training material in both English and Ukrainian.

    As active contributors to the profession and the chapter leaders of OWASP Kyiv, they always have fully up-to-date knowledge of current best practices in the Application Security industry.

    Testimonials

    Now, internal development teams are successfully implementing the skills they learned from Berezha Security. The specialists maintained an excellent communication style throughout the sessions.

    Nazarii Uniiat

    Security Engineer, Clario Tech Limited

    Berezha Security was able to discuss all cybersecurity topics. Although the topics were complex, the staff was able to comprehend the lecturer’s lessons. The vulnerabilities of desktop software applications were the most useful demonstration for them. Altogether, the team did a tremendous job.

    Viacheslav Viskushenko

    Information Security Manager, Credit Agricole Ukraine
