AppSec for Developers (ASD)



A 2-day training course designed to teach developers and pen testers how web application security is broken, exploited and leveraged to gain access to data and infrastructure. One of the most topical areas of security is code development and the SDLC – this is where flaws are created and begin.

  • Covers latest industry standards such as OWASP Top 10
  • Insight into the latest security vulnerabilities (such as the mass assignment bug in MVC frameworks)
  • Thorough guidance on security best practices (such as HTTP security headers like CSP and HSTS)
  • Real-world analogies for each vulnerability
  • Hands-on labs


  • Software/Web developers
  • PL/SQL developers
  • Penetration Testers
  • Security Auditors
  • Administrators and DBAs
  • Security Managers


Students should bring their own laptop with a Windows operating system installed (either natively or running in a VM). Students must also have administrative access to perform tasks such as installing software and disabling antivirus. Devices which don't have an Ethernet connection (e.g. MacBook Air, tablets etc.) are not supported. Prior knowledge of development in a language is an added advantage, but it is not a strict requirement.


Application Security for Web Developers: A 2-day, highly practical course that targets web developers, security auditors, penetration testers, security managers and anyone else who would like to learn about writing secure code or auditing code for security flaws. The course covers each and every vulnerability in depth and discusses a variety of security best practices and the defence-in-depth approach which developers should keep in mind while developing applications.

Attendees will be given access to infrastructure on which they will practise identifying vulnerable code and subsequently discuss patching approaches. While the course covers industry standards such as the OWASP Top 10 and SANS Top 25 security issues, it also talks about real-world issues which don't find a mention in these lists. The course does not focus on any particular web development language or technology but focuses on the principles. It includes examples from PHP, .NET, classic ASP and Java.

Pen testing as an activity tends to capture security vulnerabilities at the end of the SDLC, which is often too late to influence fundamental changes in the way code is written. NotSoSecure wrote this course because of the need for developers to develop code and applications in a secure manner. It does not need to be more time-consuming, but it is critical to introduce security as a quality component into the development cycle.

The course does not target any particular web development platform but targets the general insecure coding flaws which developers make while developing applications. The examples used in the course include web development technologies such as ASP, .NET, JAVA and PHP.

Classroom Training

Duration: 2 days

Price (excl. VAT)
  • Germany: 1.990,- €
incl. catering
Catering includes:

  • Coffee, tea, juice, water, cola
  • Pastries and sweets
  • Filled rolls
  • Fresh fruit
  • Lunch at one of the nearby restaurants

Applies only to courses delivered by Fast Lane. Dates delivered by our partners may include a different catering offer.

Dates and Booking
This is a FLEX™ course.

No dates are currently available.  Enquire via

FLEX™ Training

Please see below our alternative, English language, FLEX™ course option

05.12. - 06.12.2016 FLEX™ Training. This is a FLEX™ course in English.
Time zone: Asia/Istanbul

Fast Lane Flex™ Classroom: Is the date or location that suits you not listed? We offer further FLEX™ Classroom training dates!