Application Security Awareness and Kick-start
What security threats are web applications exposed to?
Why is it necessary for security to encompass the entire software development process?
How do I get started with secure development?
How does it relate to cost effectiveness?
This seminar answers the above questions.
In the first part, the role played by a lack of software security is demonstrated using vivid examples and current security incidents that have become public knowledge. Particularly treacherous traps, into which every developer who is not appropriately trained can fall, will be explained from the code and developer perspective.
In the second part, ways are shown how the individual developer, a development team and the company can achieve a secure software development process. This is underpinned by successfully implemented case studies. Economic aspects are also considered.
- Security is not the task of experts who bring in security after the fact, but must be lived by every software developer as an integral part of the SDLC and as part of quality assurance.
- Every single developer has a high responsibility for the security of the overall system.
- Security must be anchored as deeply as possible in the architecture.
The goal of this seminar is to make it clear to developers and software architects as well as project managers and budget managers how important it is to develop applications with “security-in-mind” and to leave them with a clear idea of what the first steps must look like.
The seminar is also suitable for implementation in the form of a workshop, in which the individual customer situation, protection requirements and specific starting points are brought in and discussed in a solution-oriented manner.
- Examples/demos of vulnerabilities (“live hacking”)
- (In)secure workflows / registration / login / reset password / phishing / factors in your own application that favor attacks
- Presentation of known attacks and their causes in application security
- Differentiation from other areas of IT security
- Application security is first and foremost a software engineering discipline
- Application security starts with the definition of the project budget or the definition of tender requirements
- Security in the build chain: opportunities and limitations of security test automation
- From DevOps to DevSecOps
- Overview of the landscape of freely available and commercial security tools for developers
- Presentation of a step-by-step approach that is efficient, tailored to your own situation and geared towards sustainability
- Decision makers
- Project managers
- Software architects
- Software developers
- Security representatives
2 hours to a day
|Dr. Bastian Braun
Security consultant in many software projects
|Dr. Benjamin Kellermann
Experienced penetration tester and IT security consultant