
Learn to code. Securely.

We help you build a custom class on secure coding from our large selection of learning modules. These include HTTP Basics, Authentication Best Practices, Access Control Design, XSS Defense and many more.


Security awareness training.

This custom bootcamp is designed for web developers, architects, security professionals and other software development professionals. You can even build your own custom class. Try our bootcamp today.


Build your own custom class.

We help you build a custom class on secure coding from our large selection of learning modules. These include HTTP Basics, Authentication Best Practices, Access Control Design and XSS Defense.


Learn to secure your code.

This highly intensive and interactive course provides essential application security training for web application, web service and mobile software developers and architects.

Applications

Native Apps

Web Apps

The Cloud

Secure coding bootcamps

As part of this course, we will explore the use of third-party security libraries and frameworks to speed up and standardize secure development.

  • Introduction to Application Security (1hr)
  • HTTP Basics  (1hr)
    In this module we will cover the security implications of using the HTTP protocol for web and web service development. Topics such as the proper use of HTTP verbs and HTTP security response headers will be covered. We will also use an intercepting proxy tool to demonstrate how attackers modify request data to attack your applications. The module then builds up the several layers needed to transmit sensitive data properly over HTTPS.
  • HTTP Basics Labs (1hr)
  • SQL and other Injection (1.5hrs)
    Injection is an application weakness that allows attackers to execute arbitrary SQL, operating system and other commands against your application. It is one of the most dangerous vulnerability classes possible. This module will review several forms of injection with live demonstrations. We will discuss the limits of input validation, as well as more robust defenses such as query parameterization and encoding.
  • Access Control (1hr)
    Access control is a necessary security control at almost every layer within a web application. This module will discuss several of the key access control anti-patterns commonly found during website security audits, including hard-coded security policies, missing horizontal access control (one user reaching another user's data), and "fail open" access control mechanisms. In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data-contextual, activity-based, configurable, flexible and deny-by-default, along with the other design attributes that make up a robust web-based access-control mechanism.
  • Authentication (2.5 hrs)
    Authentication is the "front gate" of any application and is used to establish the identity of your users. This module will discuss the security mechanisms found within the authentication layer of a secure web application. We will review a series of historical authentication threats and discuss a variety of authentication design patterns necessary to build a low-risk, high-security web application. Session management threats and best practices will also be covered. This module will also include several technical demonstrations and
  • Cross Site Request Forgery and Clickjacking (1.5 hrs)
    Cross-Site Request Forgery (XSRF/CSRF) is a web-based attack that tricks a user's browser into submitting transactions the user never intended to submit. The attack exploits the trust a web application places in an authenticated browser: because the browser automatically attaches a site's cookies to every request to that site, including requests initiated from another site, an attacker can abuse the browser's shared cookie jar to send requests as the authenticated user. Developers will learn a variety of defense strategies, including the synchronizer token pattern and stateless CSRF defense patterns, that will keep CSRF at bay.
  • Access Control Labs (1hr)
  • SQL Injection Labs (1hr)
  • Authentication Labs (1hr)
  • Content Spoofing and HTML Hacking (1hr)
  • Basic XSS Defense (1.5hr)
    Cross-Site Scripting (XSS) is an application weakness that lets an attacker inject malicious JavaScript into your website. Some programming languages do not even provide the native defenses necessary to thoroughly prevent XSS. This module will demonstrate several real-world XSS attacks. We will also explore several XSS defense strategies, such as input validation and contextual output encoding, and review specific output encoding libraries such as the OWASP Java Encoder Project, .NET's AntiXSS library and various PHP utilities.
  • Advanced XSS Defense (1hr)
  • Content Security Policy (1hr)
  • Basic XSS Labs (1hr)
    XSS topics: limits of input validation; persistent XSS; reflected XSS; client-side (DOM) XSS; contextual output encoding; HTML sanitization; safe JavaScript design; safe JSON handling; XSS labs
    CSRF topics: what CSRF is; real-world CSRF examples; the synchronizer token pattern; re-authentication; the double-submit cookie defense; the importance of XSS defense to any CSRF protection
  • Applied Cryptographic Storage Basics (2hrs)
  • HTTPS/TLS Best Practices (1hr)
    HTTPS/SSL/TLS has been under fire for years. BEAST, CRIME, weaknesses in the CA system, problems with various versions of the protocol and more have left HTTPS less than satisfactory as a transport security protocol. However, there is hope. Recent improvements in browsers and servers have made strong encryption in transit over the web practical. This module will review the HTTPS protocol and describe how it works. Historical attacks and other legacy issues with HTTPS will be discussed. Most importantly, we will talk about what can be done today to give your users the most secure HTTPS experience possible, including ephemeral (forward-secret) cipher suites, certificate pinning and OCSP stapling.
  • Mobile Security (1.5 hrs)
  • Forms and Multi-form Workflow Security Considerations (1hr)
    The heart of how users interact with a web application is the HTML form submission. A great deal of very sensitive data flows over HTML forms, so securing form submissions is critical to building a secure web application. Multi-form workflows make this even more complicated. This module follows untrusted data as it flows from a form submission into the many layers of a secure web application. We will review the basic threats against web forms, learn the most important defense categories for building secure web forms, and discuss the more complex aspects of form construction, such as multi-step workflows.
  • Secure SDLC and Process Improvement (1hr)
    The earlier you address security in the engineering of software, the less expensive it will be for your organization. Many will tell you that you need to change all of your current processes for building software to make it more secure; many of those voices are consultants charging high rates to help you deeply modify what you do today. This module takes the opposite approach: how can you add a few reasonable and mostly lightweight practices to how you build software today to make it more secure? Software development is like steering a boat. You need to look ahead and make small, continuous corrections to stay on course.
  • Application Layer Intrusion Detection (1hr)
  • Webservice Security Overview (1hr)
  • HTML5 Security and CORS Considerations (1hr)
  • File Upload and File IO Security (1hr)
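The SQL injection module above contrasts input validation with query parameterization. The following is an added example written for this page, not course material from Manicode: it seeds an in-memory SQLite table with constructed rows, shows a login lookup built by string concatenation beside the same lookup with bound parameters, and shows why stripping quotes is not a defense when the value lands in a numeric context. Table and column names, the sample users and the payloads are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample rows for this demonstration (not data from the course page).
# Passwords are kept in clear text only to keep the injection demo short;
# a real application stores a salted password hash instead.
USERS = [
    (1, "alice", "alice-secret"),
    (2, "bob", "bob-secret"),
]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database seeded with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> list:
    """Builds the statement by string concatenation, so attacker-controlled text
    becomes part of the SQL grammar. A name of  alice' --  closes the string and
    comments out the password check entirely."""
    sql = (
        "SELECT id, name FROM users WHERE name = '" + name
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_parameterized(conn: sqlite3.Connection, name: str, password: str) -> list:
    """Same lookup with bound parameters: the values reach the engine as data and
    are never parsed as SQL, whatever characters they contain."""
    sql = "SELECT id, name FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchall()


def find_by_id_filtered(conn: sqlite3.Connection, user_id: str) -> list:
    """The limit of input validation: stripping single quotes looks safe, but the
    value lands in a numeric context, where the payload  1 OR 1=1  needs none."""
    cleaned = user_id.replace("'", "")
    return conn.execute("SELECT id, name FROM users WHERE id = " + cleaned).fetchall()


def find_by_id_parameterized(conn: sqlite3.Connection, user_id: str) -> list:
    """Bound parameter: the whole string is compared with the id column as one
    value, so  1 OR 1=1  simply matches no row."""
    return conn.execute("SELECT id, name FROM users WHERE id = ?", (user_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "alice' --", "wrong"))      # [(1, 'alice')]
    print(login_parameterized(db, "alice' --", "wrong"))   # []
    print(find_by_id_filtered(db, "1 OR 1=1"))             # [(1, 'alice'), (2, 'bob')]
    print(find_by_id_parameterized(db, "1 OR 1=1"))        # []
```

The parameterized functions still accept any input; what changes is that the input can only ever be a value. Validation (for example, requiring the id to be an integer) remains useful as defense in depth, but it is the binding, not the filtering, that removes the injection.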
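The Access Control module describes the anti-patterns (hard-coded policy, no horizontal check, fail-open) and the positive design (activity-based, data-contextual, configurable, deny-by-default). The example below is added for this page and is not Manicode's own code; it puts a role-only, fail-open check beside a small policy table keyed by activity, where each rule receives the user and the specific resource. The User and Document types, the activity names and the rules are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    roles: frozenset


@dataclass(frozen=True)
class Document:
    id: int
    owner_id: int
    shared_with: frozenset = frozenset()   # user ids with read access


def can_access_antipattern(user: User, action: str, doc: Document) -> bool:
    """Anti-pattern: hard-coded, role-only policy.
    - "read" has no horizontal check, so any user can read any document.
    - An action the code never anticipated falls through and is ALLOWED."""
    if "admin" in user.roles:
        return True
    if action == "read":
        return True
    if action == "delete":
        return False
    return True   # fail open


# Positive design: activity-based rules that see the data they protect.
# Configuration lives in one place and can be changed without touching handlers.
POLICY = {
    "document:read":   lambda u, d: u.id == d.owner_id
                                    or u.id in d.shared_with
                                    or "admin" in u.roles,
    "document:update": lambda u, d: u.id == d.owner_id or "admin" in u.roles,
    "document:delete": lambda u, d: u.id == d.owner_id or "admin" in u.roles,
}


def is_authorized(user: User, activity: str, doc: Document) -> bool:
    """Deny by default: an activity without a rule, or a rule that raises,
    is a refusal, never a pass-through."""
    rule = POLICY.get(activity)
    if rule is None:
        return False
    try:
        return bool(rule(user, doc))
    except Exception:
        return False   # fail closed


if __name__ == "__main__":
    alice, bob = User(1, frozenset()), User(2, frozenset())
    doc = Document(10, owner_id=1, shared_with=frozenset({3}))
    print(can_access_antipattern(bob, "read", doc))     # True: horizontal bypass
    print(can_access_antipattern(bob, "export", doc))   # True: fails open
    print(is_authorized(bob, "document:read", doc))     # False
    print(is_authorized(bob, "document:export", doc))   # False: no rule, denied
```

Handlers then ask a single question, `is_authorized(current_user, "document:update", doc)`, at every layer that touches the document, rather than re-deriving role logic in each controller.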
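The CSRF module lists the synchronizer token pattern and the double-submit cookie defense. As an added example for this page (not code from the course), the block below models both with plain dictionaries standing in for the framework's session store, cookies and POST body: a per-session random token embedded in the form and checked on submit, and a stateless variant in which the token is an HMAC of the session id so that an attacker who can plant a cookie still cannot mint a matching pair. The session store, the secret, the form markup and the handler names are assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets

# Assumed server-side secret for the signed double-submit variant. Generated per
# process here; a real deployment loads it from configuration.
SERVER_SECRET = secrets.token_bytes(32)

# In-memory session store standing in for the framework's session: session_id -> data.
SESSIONS = {}


def new_session(user: str) -> str:
    """Log a user in: random session id plus a random per-session CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


# ---- Synchronizer token pattern (token kept server-side in the session) ----

def render_transfer_form(session_id: str) -> str:
    """Embed the session's token in the page. The same-origin policy keeps a
    cross-site page from reading it, so a forged form cannot carry the value."""
    token = SESSIONS[session_id]["csrf_token"]
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="amount"><button>Send</button></form>'
    )


def handle_transfer_synchronizer(cookies: dict, form: dict) -> str:
    """POST handler: the cookie authenticates, the body must carry the token."""
    session = SESSIONS.get(cookies.get("session", ""))
    if session is None:
        return "401 not authenticated"
    expected = session["csrf_token"].encode()
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(expected, supplied):   # constant-time comparison
        return "403 CSRF token missing or invalid"
    return f"200 transferred {form.get('amount')} for {session['user']}"


# ---- Stateless variant: double-submit cookie bound to the session with an HMAC ----

def issue_csrf_cookie(session_id: str) -> str:
    """token = HMAC(server secret, session id). The server can recompute it
    without storing anything; an attacker cannot produce it for a victim."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def handle_transfer_double_submit(cookies: dict, form: dict) -> str:
    """Cookie and form field must both carry the token AND the token must be the
    HMAC for this session. A naive double-submit that only checks cookie == field
    is defeated by an attacker who can set a cookie (e.g. from a sibling subdomain)."""
    sid = cookies.get("session", "")
    session = SESSIONS.get(sid)
    if session is None:
        return "401 not authenticated"
    expected = issue_csrf_cookie(sid).encode()
    cookie_token = cookies.get("csrf", "").encode()
    form_token = form.get("csrf_token", "").encode()
    if not (hmac.compare_digest(cookie_token, expected)
            and hmac.compare_digest(form_token, expected)):
        return "403 CSRF token missing or invalid"
    return f"200 transferred {form.get('amount')} for {session['user']}"


if __name__ == "__main__":
    sid = new_session("alice")
    token = SESSIONS[sid]["csrf_token"]
    # Legitimate submission from the rendered form, then a forged cross-site POST:
    # the browser attaches the session cookie either way, only the token differs.
    print(handle_transfer_synchronizer({"session": sid}, {"csrf_token": token, "amount": "10"}))
    print(handle_transfer_synchronizer({"session": sid}, {"amount": "10"}))
```

Both handlers only protect state-changing requests that are already authenticated; an unauthenticated request is rejected before any token check, and safe methods (GET) should never change state in the first place, or a token cannot help.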
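The XSS modules centre on contextual output encoding: the encoder must match the place in the document where untrusted data lands. The block below is an added example for this page, not Manicode's code or any of the libraries it names; it implements encoders for the HTML body/quoted-attribute context, the JavaScript string-literal context and the URL query-parameter context, shows the classic failure of HTML-escaping into an unquoted attribute, and shows that a user-supplied URL used as a whole href needs scheme validation rather than encoding. The profile-rendering functions and the payloads are assumptions made for the demonstration.

```python
import html
from urllib.parse import quote, urlsplit


def encode_html(value: str) -> str:
    """HTML body and quoted-attribute context: & < > " ' become entities."""
    return html.escape(value, quote=True)


def encode_js_string(value: str) -> str:
    """JavaScript string-literal context: every character that is not an ASCII
    letter or digit becomes \\xHH or \\uHHHH, so quotes, backslashes, line
    terminators and </script> can never end the literal or the script block."""
    out = []
    for ch in value:
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        elif ord(ch) < 0x100:
            out.append(f"\\x{ord(ch):02x}")
        else:
            units = ch.encode("utf-16-be")   # surrogate pairs for astral characters
            for i in range(0, len(units), 2):
                out.append(f"\\u{int.from_bytes(units[i:i + 2], 'big'):04x}")
    return "".join(out)


def encode_url_param(value: str) -> str:
    """URL query-parameter context: percent-encode all but unreserved characters."""
    return quote(value, safe="")


def safe_href(url: str) -> str:
    """A whole user-supplied URL is a different sink from a parameter value:
    no encoding neutralises a javascript: scheme, so allow-list the scheme."""
    scheme = urlsplit(url).scheme.lower()
    return url if scheme in ("http", "https") else "#"


def render_profile_naive(display_name: str) -> str:
    """Anti-pattern: html.escape() into an UNQUOTED attribute. Spaces are not
    escaped, so the value can start a new attribute such as an event handler."""
    return f"<div title={html.escape(display_name)}>profile</div>"


def render_profile(display_name: str, website: str) -> str:
    """Each sink gets the encoder for its own context; attributes are always quoted.
    A value inside a URL inside an attribute is encoded twice, innermost first."""
    return (
        f'<div title="{encode_html(display_name)}">'
        f"<h1>Hello, {encode_html(display_name)}</h1>"
        f'<a href="{encode_html(safe_href(website))}">home</a>'
        f'<a href="/go?u={encode_html(encode_url_param(website))}">via redirect</a>'
        f'<script>var user = "{encode_js_string(display_name)}";</script>'
        "</div>"
    )


if __name__ == "__main__":
    print(render_profile_naive("x onmouseover=alert(1)"))
    print(render_profile("<script>alert(1)</script>", "javascript:alert(1)"))
```

The JavaScript encoder is deliberately stricter than HTML escaping: inside a `<script>` block the HTML parser does not decode entities, so `&lt;` does nothing there, and a bare `</script>` in a string literal closes the script element regardless of quoting. Templating engines that auto-escape usually cover only the HTML body context, which is why the other encoders still matter.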

The Professor

Jim Manico – Author, Speaker, Consultant

  • Bio

    Jim Manico authors and delivers developer security awareness training and has a 20 year history building software as a developer and architect. Jim is also a global board member for the OWASP foundation where he helps drive the strategic vision for the organization. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and several secure coding projects. 

  • Want More Information?

     jim@manico.net  
    Phone: (808) 652-3805.

Testimonials

Listen to what others have said about Manicode


Johannes Ullrich

Jim is a high-energy, talented programmer. I worked with him on a number of complex coding projects and he did show great skill in organizing and implementing these projects. He does understand the concepts of web development very well, in particular the need for and implementation of security measures. In addition, Jim communicates well and is a great team player.


Jerry Hoff

Jim is extremely charismatic, energetic and highly technical. He has unparalleled skill in developing J2EE applications, which are both robust and secure. His knowledge of application security and security architecture is phenomenal, and he is leading a vigorous campaign to change the J2EE spec to make it more secure. I recommend Jim for any development, security or training project.


Josh Brown

Jim taught one of the more recent security classes, and having observed many classes in action I can honestly say he really stood out as an instructor. He very successfully engaged the diverse demographics in the class and convinced all of them why the security issues pertained to their immediate job, and were the concerns of all information employees.

Want to learn more?

Let’s have a chat!
