| Length of Class | 1 day |
| Audience | All technical and managerial personnel who may be affected by application security |
| Objective | This course aims to give users an understanding of the current threat landscape in application security. |
| Summary | Students of the Application Security Awareness class will learn and see the kinds of attacks that malicious users and attackers are employing to break into applications. Unlike the more in-depth classes, there are no hands-on components to this class. Students will instead watch demonstrations and focus on learning about the attackers rather than on how to execute the attacks and defend against them in detail. |
| Description | For many years, information security has focused its effort on securing the network from attackers. The current situation is that the vast majority of attacks now occur at the application layer, many passing over port 80 as legitimate HTTP data. Understanding the nature of these threats allows people from across the enterprise to better understand the risks that are presented to their applications. Unlike the other courses, which are targeted at specific groups, this class gives a high-level overview of all the areas of application security to all users. Due to the short time frame of the class, students do not partake in hands-on exercises and instead watch demonstrations performed by the instructors. Students witness first-hand the simplicity of a variety of attacks on applications and learn how to determine the level of risk presented to their applications. While students do not learn in depth how to execute attacks or how to build secure applications, they leave the class with an understanding of how attacks can be performed and the processes and policies needed to protect their applications. |
| Requisite Knowledge | Basic computer skills |
| Curriculum | Part 1: Security & Application Concepts |
SC_03: Application Security Awareness
