Secure Coding and Application Security Workshop - HKPC Academy
Secure Coding and Application Security Workshop
    10016348-01
    78 Tat Chee Avenue, Kowloon, Hong Kong
    2024-12-12
    Ms Lee, Tel: +852 2788 5704
    cybersec@hkpc.org

    Available in English only

    Secure design and coding in DevOps with Threat Modelling are advanced and innovative in the software development market.

    COVID-19 has accelerated the digitalisation of businesses and increased the presence of e-commerce. Company security has not kept the same pace, which widens the appetite of hackers. As a result, many data leakage events have arisen from non-secure web applications.

    It is crucial for businesses to make sure that their points of contact (web applications) are secure to use in order to provide a safe experience for customers.

    The 2-day workshop is tailored for those with programming experience. It will take you through web technology knowledge, common coding issues of web applications, cloud security and secure coding to protect them. A practical hands-on lab will be provided to enhance participants’ understanding of secure coding.

    Date and Time

    12-13 December 2024, 09:30 – 17:00

    Venue

    1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong

    Medium

    Cantonese with English terminology

    Course Outline

    DAY 1

      • Latest web security landscape
        • Web technology concepts
        • Well-known web security compromise incidents
      • OWASP ZAP and its usage
        • Hands-on exercise with OpenCart
      • OWASP Top 10
        • OWASP Top 10 2021 for Web Application
        • Demonstration with OWASP Juice Shop
        • How to harden a website to prevent OWASP Top 10 issues

    DAY 2

      • Summary on common web application issues (on different platforms and applications)
        • Insufficient HTTP Headers
        • CSP, SOP, CORS
        • Issues with Client-Side Security Measures
        • In-depth into Cookies and Sessions
        • Local Storage
        • Insufficient Data Escaping
      • Application Security Threat Modeling
        • Common threat models: STRIDE, Cyber Kill Chain, etc.
        • Threat modeling process
        • Tool: OWASP Threat Dragon
        • Threat modeling exercise
      • Secure coding workshop
        • Secure coding concepts
        • Hands-on exercise on securing a web application (a virtual machine with all relevant security tools will be provided)
      • Application security in the cloud
        • DevSecOps and CI/CD
        • Cloud application security best practices

    Fee

    Early Bird Price (deadline on 15 November 2024):

      • Staff of Organiser or Member of Supporting Organisation: HK$6,500
      • Non-member: HK$6,600

    Regular Price:

      • Staff of Organiser or Member of Supporting Organisation: HK$6,700
      • Non-member: HK$6,800

    Trainer

    Mr Bernard KAN

    Bernard KAN has over 20 years of experience in information security as a security team leader in the Banking and Telecommunication industries and HKCERT.

    He has been delivering quality information security training to enterprises, talks at security conferences and sharing sessions to NGOs. He was a frequent speaker for security awareness training.

    He was a part-time lecturer for a post-graduate Information Security certificate course of City University of Hong Kong for 6 years.

    Bernard holds various professional certifications, including CISSP, CCSP, GCIA, GCIH, CWSP, CCNP, MCSE and CEC. He holds a Master of Science degree in E-Commerce.

    Target Audience

    Anyone new to cyber security with an interest in coding and application security, including:

      • IT Officer/Manager
      • Programmer/Developer
      • Information Security Personnel
      • Product Manager

    Note: Programming experience is required.

    Certificate of Training

    Participants who have attained 75% or more attendance will be awarded an Attendance Certificate.