Security

Last reviewed 29 September 2019 by Chris Riley (Trainer)

Description

Building sites and applications that are secure is paramount. In this session we'll be looking at how to recognise vulnerabilities in existing developments, how these could be exploited and, of course, how to fix them and guard against attacks.

Why this is important

It is our duty to build with security in mind. If what we build is not safe and secure, critical business relationships can be compromised. Insecurity allows for the spread and escalation of malware, attacks on other websites, and even attacks against national targets and infrastructure.

Outcomes

At the end of this training you will be able to:

  1. Recognise certain vulnerabilities of a web application, including those frequently featured in the OWASP Top 10
  2. Test for security issues and understand how to prevent them

Learner Requirements

  1. Understanding of PHP, HTML and JS

Outline

  1. Intro to web security and common vulnerabilities
  2. Activity: Hack this site
  3. Review Activity

Tasks

During Training

  1. Explore an application and find vulnerabilities in it.
  2. Discuss the impact of security vulnerabilities.
  3. Discuss as a group what steps need to be taken to prevent these security flaws.

After Training

Extra

Resources / Reference

  1. Intro Slides on Google Drive
  2. OWASP Top Ten
  3. Building secure web applications in PHP
  4. Building secure web applications in PHP 2018 edition