FREE TRAINING – 30-MINUTE COURSE
Navigating the Web's Hazards: A Deep Dive into Out-of-Band Resource Load, Server-Side Template Injection, Unsafe Password Practices, and Sensitive File Disclosure
Now Available On-Demand
Join Jim Manico for a 30-minute live training session presented in a friendly classroom environment. Book your seat today and step up your secure coding game!
Join us for an training session where we unravel some of the web's most overlooked yet critical security vulnerabilities. Our talk is crafted for developers, security professionals, and anyone keen on understanding and fortifying web security. This session is especially relevant for those involved in secure coding and application security.
Our agenda includes:
Out-of-Band Resource Load (HTTP) Discover the risks of loading resources from external sources. Understand how out-of-band resource loading can lead to security vulnerabilities like data leakage, mixed content issues, and potential for third-party malicious content injection.
Server-Side Template Injection Delve into the world of server-side template injection. Learn how attackers exploit template engines to inject malicious code, leading to Remote Code Execution (RCE), data exposure, or cross-site scripting (XSS). We will discuss preventive measures and secure coding practices to mitigate these risks.Password Submitted Using GET Method Uncover the dangers of submitting passwords using the GET method in HTTP requests. Understand how this practice leads to security breaches like exposing credentials in URLs, server logs, and browser history. Explore secure alternatives and best practices for handling sensitive data transmission.
Sensitive File(s) Disclosure Explore how improper access controls and security misconfigurations lead to unintended sensitive file disclosure. Learn about the methods to identify and secure sensitive files, and understand the importance of robust access control mechanisms.
Bonus Content:
On-demand access to class recordings >> You can share with your internal team
A comprehensive courseware package >> Get actionable examples, best practices, and resources
Watch On-Demand
Edgescan requires the data you provide in order to share product information. By submitting this form, you agree to our collection and use of your information in accordance with our Privacy Policy. You may opt out at any time.
Who Should Attend:
- Software Engineers
- Application Security Analysts
- DevOps Practitioners
- IT Decision-Makers
- Security Enthusiasts
- Anyone interested in writing secure code
Meet Your Instructor
Jim Manico
Founder, Manicode Security, and Edgescan Strategic Technical Advisor
Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also an investor/advisor for 10Security, Aiya, MergeBase, Nucleus Security, KSOC, and Inspectiv. Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of “Iron-Clad Java: Building Secure Web Applications” from Oracle Press. Jim also volunteers for the OWASP foundation as the project lead for the OWASP Application Security Verification Standard and the OWASP Cheatsheet Series.
Edgescan and Jim Manico are offering a series of courses that have been carefully curated and map to the top 10 vulnerabilities discovered in 2023 by Edgescan.
Expand your knowledge and ensure your skills are honed to eradicate the most prevalent vulnerabilities discovered in 2023. Gear up for a secure coding journey guided by security guru Jim Manico and aligned to the most common vulnerabilities discovered in 2023 by Edgescan.
Check out our full class offering on the Edgescan website >>