Secure design and coding in DevOps, combined with threat modelling, are advanced and innovative practices in the software development market.
COVID-19 has accelerated the digitalisation of businesses and increased the presence of e-commerce. Company security has not kept the same pace, which widens the opportunity for attackers. As a result, many data leakage incidents have arisen from insecure web applications.
It is crucial for businesses to make sure that their points of contact (web applications) are secure to use, in order to provide a safe experience for their customers.
This 2-day workshop is tailored for participants with programming experience. It will take you through web technology fundamentals, common coding issues in web applications, cloud security, and the secure coding practices that protect them. A practical hands-on lab is provided to reinforce participants' understanding of secure coding.
Date and Time
12-13 December 2024, 09:30 – 17:00
Venue
1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong
Medium
Cantonese with English terminology
Course Outline
DAY 1
- Latest web security landscape
  - Web technology concepts
  - Well-known web security compromise incidents
  - OWASP ZAP and its usage
  - Hands-on exercise with OpenCart
- OWASP Top 10
  - OWASP Top 10 2021 for Web Applications
  - Demonstration with OWASP Juice Shop
  - How to harden a website against OWASP Top 10 issues
DAY 2
- Summary of common web application issues (on different platforms and applications)
  - Insufficient HTTP headers
  - CSP, SOP, CORS
  - Issues with client-side security measures
  - In-depth look at cookies and sessions
  - Local Storage
  - Insufficient data escaping
- Application security threat modelling
  - Common threat models: STRIDE, Cyber Kill Chain, etc.
  - Threat modelling process
  - Tool: OWASP Threat Dragon
  - Threat modelling exercise
- Secure coding workshop
  - Secure coding concepts
  - Hands-on exercise on securing a web application (a virtual machine with all relevant security tools will be provided)
- Application security in the cloud
  - DevSecOps and CI/CD
  - Cloud application security best practices
Fee
Early Bird Price (deadline on 15 November 2024):
- Staff of Organiser or Member of Supporting Organisation: HK$6,500
- Non-member: HK$6,600
Regular Price:
- Staff of Organiser or Member of Supporting Organisation: HK$6,700
- Non-member: HK$6,800
Trainer
Mr Bernard KAN
Bernard KAN has over 20 years of experience in information security as a security team leader in the banking and telecommunication industries and at HKCERT.
He has been delivering quality information security training to enterprises, talks at security conferences, and sharing sessions to NGOs. He has been a frequent speaker at security awareness training sessions.
He was a part-time lecturer for a post-graduate Information Security certificate course at City University of Hong Kong for 6 years.
Bernard holds various professional certifications, including CISSP, CCSP, GCIA, GCIH, CWSP, CCNP, MCSE and CEC. He holds a Master of Science degree in E-Commerce.
Target Audience
Anyone new to cyber security with an interest in coding and application security, including:
- IT Officer/Manager
- Programmer/Developer
- Information Security Personnel
- Product Manager
Note: Programming experience is required.
Certificate of Training
Participants who have attained 75% or more attendance will be awarded an Attendance Certificate.