Ultimate App Sec

Ultimate App Sec… It’s time to get serious

This is an intensive hands-on application security course designed to bring you up to speed on all things app security related and, more importantly, teach you how to find vulnerabilities in your web and thick client applications before the bad guys do.


You will learn how to identify security bugs in real applications with hands-on lab exercises. You’ll learn to use and modify tools like Burp Suite.


Course Outline

  • Fundamentals
    • HTTP basics
    • Overview of web technologies
    • Web application architecture
    • Web Services
      • SOAP
      • REST
    • Recent attack trends


  • New web technologies
    • MVC Frameworks
      • C#
      • Ruby on Rails
      • Django
    • SPA Frameworks
      • NodeJS
      • AngularJS
      • EmberJS


  • Common attacks
    • Full OWASP (not just the top 10)


  • Attacking plugins, thick clients
    • ActiveX controls
    • Java Applets


  • Attacking Digital Certificates
    • Attacking Certification Authorities
    • Economic Fraud
    • Man-In-The-Middle attacks against certificates


  • Attacking Big Data Solutions
    • MongoDB
    • Hadoop


  • Application Security
    • Intrusion Detection in an application
    • Incident Handling


  • Defending against application attacks
    • Web Server Secure Configuration
    • Web Application Security
      • Best practices
      • Security APIs and Libraries



The intended audience for this class is application security analysts, developers, application architects, pen testers, and auditors who have to deal with web security issues or have an interest in better defending their web applications.



A student should have a basic understanding of web application technologies. If you are new to application security and want hands-on exposure to real-world application security, then this is the class for you.


What you’ll be able to do after completing this class

  • Understand the major risks and common vulnerabilities in web and thick client applications.
  • Deal with application security vulnerabilities using secure coding techniques, security APIs, software libraries, and secure server configurations.
  • Fulfill the training requirement as stated in PCI DSS 6.5.


What you get

The attendees will receive the following:

  • PDF courseware
  • PDF lab manual
  • Both attack and target VMware virtual machines
  • Certificate of completion for 6 hours of training


How is the program delivered?

On Monday of each week you will be assigned a set of tasks that are required to be completed by Sunday at midnight EST. These tasks usually include:

  • Required reading
  • Required videos to watch
  • Required lab exercises to perform

On Mondays and Wednesdays (2 nights per week) from 7-10pm EST, a live online training session/Q&A period will be held.

Lab Network Access

Strategic Security now has a penetration tester's target practice lab environment. Targets in the lab network will change on the 1st of every month. Students have the option to purchase 3 or 12 months access to the lab environment.

Students will receive

  • 6 hours of CPEs
  • Several virtual machines
  • Courseware slides
  • Lab manual
  • Lab access (optional 3 or 12 months)


Each class will be recorded and made available to the students via email, so you can keep up with the class even if you have to miss time, or even a whole day.


Each student will be given access to a Google Group for the class. This will be where students can ask questions outside of the normal class hours, work with other students on lab exercises, homework, and challenges.

A Strategic Security class mentor will be assigned to the Google Group to answer questions (allow 1 day for responses).

A Customer Relationship manager will be assigned to the class to manage questions and support issues.



This class will be live online on December 5th and 7th 2016 from 7pm EST to 10pm EST for each scheduled day.

Class Cost

The class cost is $100 with 1 month of lab access.

