Secure Coding Workshop for Developers

Too often, security comes as an afterthought during the application development process

A last-minute rush to identify and resolve security issues can have serious consequences, including unexpected costs, delayed release dates, and, crucially, vulnerabilities that go undiscovered.

Building security into the development process is key to avoiding these problems. Our two-day workshops will provide you with a full understanding of best practice when it comes to application development, equipping you with the tools you need to keep your projects secure.

To avoid post-release vulnerabilities, building security into the software development life cycle is crucial – but to achieve this, developers first need to understand how to identify and resolve security issues.

Bespoke Service

Our workshops are tailored to the way you work

Experienced Team

Security specialists with years of real-world experience.

Advanced Techniques

Gain an understanding of the most up-to-date techniques used by hackers.

Straightforward Advice

Take away clear tips to build security into your development process.

Making Security part of your development lifecycle

In just two days, our expert consultants will provide you with the knowledge that you need to identify and resolve the most common vulnerabilities that can compromise web applications.

During our bespoke workshops, we’ll teach you how to think like a hacker, taking you through serious vulnerabilities and how they can be exploited. Using real-world examples, we’ll share best practice when it
comes to secure development, giving you advice that you can take away and implement immediately.

Speak with our expert team to find out how we can help you ensure the security of your web applications.

Saving costs by factoring security into the development life cycle

The cost of fixing a bug found during the implementation stage is six times more expensive than fixing one identified in the design process.

[Source: The Systems Science Institute at IBM]

FAQs

What will this workshop cover?

The course covers the methodology used to assess the security of a web application and gives detailed guidance on secure development, relating to both the design and implementation of web applications.

Our consultants will run through how to identify and resolve common web application vulnerabilities, including:

• The OWASP top 10 critical web application security risks and the basics of web application security
• The exploitation of common vulnerabilities, including SQL injection, filter bypasses, query chaining and blind exploitation
• How to break and build robust authentication and authorisation mechanisms and session management routines
• How to interact securely with database management systems
• Application mapping, use of automation, and how client-side controls can be bypassed
• The detection and exploitation of cross-site scripting issues and other client-side flaws
• How to uncover common business logic flaws using dynamic analysis and static code analysis, and good practice techniques to address these issues
• Understanding common access controls and flaws, including command injection, code injection, and XML injection

Can this workshop be tailored to the needs of my organisation?

We’ll work with you to tailor the workshop to your programming language and deliver bespoke advice that you can tailor to your development processes.

Who is this workshop aimed at?

The Arcturus secure coding workshop for web applications is aimed at software developers, software architects, security consultants and quality assurance engineers who are looking for a solid understanding of how attackers uncover and exploit vulnerabilities in web applications, and what can be done by developers to prevent this.

Other services

Application Penetration Testing

Cyber-attacks are more targeted, sophisticated and frequent than ever before, while the risks posed by internal users are often overlooked. Our penetration testing services model the techniques of criminal hackers and malicious insiders to identify any vulnerabilities in your online-facing or internal applications. With clear reporting, we provide tailored recommendations on how you can strengthen your security posture. Find out more >

Web Application Testing

Web application attacks range in size and complexity, from the exploitation of vulnerable open source components, to app-specific attacks which take advantage of user controls. Internal web applications are at risk too, from disgruntled or malicious users who may find loopholes and use their position to wreak havoc. Find out more >

Product Assessment

Our experienced consultants help your development team thoroughly analyse your entire product and service portfolio, identifying any security gaps and providing clear guidance on how to address any vulnerabilities and deliver a watertight product suite. Your team also benefit from knowledge transfer to improve the security of their future developments. Find out more >

Cookie Name	Expiration Time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_gat	1 minute	Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.

_gac_<property-id>	90 days	Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.
__hstc	13 months	The main cookie for tracking visitors.
hubspotutk	13 months	This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts.
__hssc	30 minutes	This cookie keeps track of sessions.
__hssrc	End of session	Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.