Web Apps Attack and Defense:
Secure Coding

In this course, you will learn how to use the basic building blocks of web applications to attack and defend them. Web apps function in complex environments, and their attack surface is huge. Both as a hacker and as a defender, you need to know what happens under the hood, and this is where this course comes in. You will benchmark coding practices against the top 10 threats affecting web applications.

We focus on offensive and defensive approaches to the code that lies beneath the front-end. If you’ve worked in this field for a while, you know that’s where the problems hide; it’s just a matter of finding and either exploiting or fixing them! Whether they’re working for you (when you’re pentesting) or against you (when you’re defending), understanding exactly how these attacks work is crucial. You will be exposed to various tools and techniques that can be used to analyze and fix security bugs in a majority of our PHP applications.

Video course by Munir Njiru



44 Lectures, 18 Hours

Is This Good For Me?

This volume gives security professionals, web developers and project managers the information they need to analyze applications and their underlying code with confidence in tests and reviews, and to deepen their expertise. It also covers corrective controls by teaching strategies to secure applications, not just identify problems, which helps project owners take a proactive approach that adds to the efficiency of DevSecOps.

What's Inside?

In this module, we will cover the basic concepts of PHP and get familiar with various features that PHP has to offer. Additionally, we will get an introduction to the common methodologies associated with secure software development.

This module will demonstrate three common coding strategies that PHP applications use for security and that cause problems. It also delves into actual input injection attacks where these three strategies are not doing their job well. Additionally, we will show how to identify, exploit and fix bad code in this regard. We will cover some common vulnerabilities such as XSS, SQL injection, serialisation and XXE.

This module will cover another aspect of PHP security, one that not only leads to compromise of the application but could extend to more serious attacks on the OS context through code execution. Additionally, it will cover threats that may have adverse effects on the logical perspective of access and authorization.

This module will focus on modern tools and techniques that make the tasks learned in previous modules easier and more efficient. Additionally, we will explore a number of tools to test automatically and semi-automatically for the issues shown in previous modules.


Learn how to attack applications based on common issues and how to prevent the attacks from materializing if you are on the defense side.