
Free Training Courses

Master the Fundamentals of Secure Coding with Jim Manico

Ensure your code is secure from the top ten vulnerabilities discovered in the wild by Edgescan so far in 2023.

  1. SQL injection
  2. File path traversal
  3. Cross-site scripting (stored)
  4. Malicious file upload
  5. Brute forcing possible
  6. PHP Unsupported version detection
  7. Out-of-band resource load (HTTP)
  8. Server-side template injection
  9. Password submitted using GET method
  10. Sensitive file(s) disclosure

Upcoming Session

Stored but Not Secure: Defending Against Cross-site Scripting

Live On November 30
6:00 PM IST, 1:00 PM PT, 10:00 AM PT

Gear up for a secure coding journey guided by security expert Jim Manico and aligned with the most common vulnerabilities discovered and reported in Edgescan’s 2023 vulnerability stats snapshot.
Our free courses are designed to teach students how to prevent specific vulnerabilities in just 20 minutes, followed by a Q&A session.


The Snake in the Query:
Preventing SQL Injection

ON-DEMAND RECORDING
SQL injection is a notorious vulnerability that we, as security practitioners and developers, must tackle head-on. It arises when attackers manipulate user inputs to execute malicious SQL queries, endangering our data integrity. To thwart these attacks, we must embrace prepared statements and parameterized queries, techniques that treat user inputs as data, not executable code, thus forming a robust defense against this venomous threat.
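The parameterized-query defense described above, shown as an added example (this is not course material from Jim Manico or code from Edgescan). It uses Python's built-in sqlite3 driver and a constructed two-row users table; the function names and sample e-mail addresses are invented for the demo. It also goes one step beyond the paragraph: bind parameters only cover values, so the sort-column function shows the allowlist you need for identifiers such as column names.

```python
import sqlite3

# Constructed demo rows; not data from any real system.
SAMPLE_USERS = [
    ("alice", "alice@example.invalid"),
    ("bob", "bob@example.invalid"),
]

# Allowlist for the one place a bind parameter cannot help: SQL identifiers.
SORTABLE_COLUMNS = {"username", "email"}


def build_demo_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """Vulnerable: the input is spliced into the SQL text, so the parser treats it as code."""
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def find_user_parameterized(conn, username):
    """Safe: SQL text and the value travel separately; the value can only ever be data."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


def list_users_sorted(conn, sort_column):
    """Column names cannot be bound as parameters, so validate them against an allowlist."""
    if sort_column not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_column!r}")
    # Safe to interpolate: the value is one of our own fixed strings, never user text.
    query = f"SELECT username FROM users ORDER BY {sort_column}"
    return [row[0] for row in conn.execute(query)]


if __name__ == "__main__":
    conn = build_demo_db()
    tautology = "' OR '1'='1"  # constructed input that rewrites the WHERE clause
    print("vulnerable   :", find_user_vulnerable(conn, tautology))     # every row
    print("parameterized:", find_user_parameterized(conn, tautology))  # no rows
    print("sorted       :", list_users_sorted(conn, "email"))
```

Run it and compare the two results for the same input: the string-built query returns every user, the parameterized one returns nothing, because the driver never lets the input reach the SQL parser.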
Finding Your Way:
Mitigating File Path Traversal Risk
ON-DEMAND

File path traversal, or directory traversal, is a treacherous adversary, capable of granting attackers unauthorized access to sensitive files. Our mission is to shield against this threat through stringent input validation and more, ensuring that user-provided file paths remain confined within their intended directory structures. Combining this with access control measures, such as ACLs and permissions, fortifies our defenses, guiding us safely through the complex terrain of file system security.
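The "confined within the intended directory" rule above, as an added example (not code from the course or from Manicode). It is plain Python using pathlib; `safe_join`, `read_user_file`, `PathTraversalError` and the temp-directory scenario in `run_demo` are all invented for the demo. The check is a containment test on the fully resolved path rather than a filter for `..`, so symlinks and mixed `sub/../..` sequences are handled by the same comparison.

```python
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a user-supplied path would escape the permitted base directory."""


def safe_join(base_dir, user_path):
    """Return base_dir/user_path only if the resolved result stays inside base_dir.

    The defence is the containment check, not a pattern filter: after symlinks and
    '..' segments are resolved, the final path must still sit under the base.
    """
    if "\x00" in str(user_path):
        # Embedded NUL bytes can truncate the path in lower-level C APIs.
        raise PathTraversalError("NUL byte in path")
    base = Path(base_dir).resolve()
    requested = Path(user_path)
    if requested.is_absolute():
        raise PathTraversalError(f"absolute path not permitted: {user_path!r}")
    # resolve() follows symlinks and collapses '..', so a link pointing outside
    # the base is caught by the same containment check as a literal '../'.
    candidate = (base / requested).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise PathTraversalError(f"path escapes base directory: {user_path!r}") from None
    return candidate


def read_user_file(base_dir, user_path):
    """Read a file chosen by the user, confined to base_dir."""
    return safe_join(base_dir, user_path).read_text()


def run_demo():
    """Constructed scenario: one permitted file inside a temp base, one secret outside it."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        base = root / "uploads"
        base.mkdir()
        (base / "report.txt").write_text("quarterly report")
        (root / "secret.txt").write_text("do not serve")

        results["allowed"] = read_user_file(base, "report.txt")
        for attempt in ("../secret.txt", "sub/../../secret.txt", str(root / "secret.txt")):
            try:
                read_user_file(base, attempt)
                results[attempt] = "SERVED"  # reaching this line would be a bug
            except PathTraversalError:
                results[attempt] = "blocked"
    return results


if __name__ == "__main__":
    for path, outcome in run_demo().items():
        print(f"{path!r}: {outcome}")
```

Pair this with the access-control layer the paragraph mentions: the service account that runs the code should only be able to read the base directory in the first place, so a containment bug cannot turn into a full file-system read.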

Stored but Not Secure: Defending Against Cross-site Scripting
Live On November 30
6:00 PM IST | 1:00 PM PT | 10:00 AM PT

Cross-site Scripting (XSS) is a persistent peril that exposes web applications to script injection attacks. Our strategy to protect against this vulnerability should encompass rigorous output encoding, HTML sanitization and input filtering. Also, by adopting robust Content Security Policy (CSP) headers, diligent input validation, and embracing modern security-focused frameworks, we can fortify our applications against XSS, ensuring they remain both functional and resilient in the ever-evolving landscape of web security.
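Output encoding and a CSP header, the two defenses the paragraph leads with, as an added example of a stored-comment flow (not course material and not code from any of the projects named on this page). It uses only Python's standard `html` module; `CommentBoard`, `security_headers` and the sample comments are constructed for the demo. The stored value is kept raw and encoded at render time, because the correct encoder depends on where the value lands in the page.

```python
import html


class CommentBoard:
    """Minimal stored-comment flow: untrusted text is stored raw and encoded on output.

    Constructed example standing in for a database-backed comment feature.
    """

    def __init__(self):
        self._comments = []

    def store(self, author, body):
        # Store the original text. Encoding belongs at output time, where the
        # context (HTML text vs. attribute value) is known.
        self._comments.append({"author": author, "body": body})

    def render_unsafe(self):
        """Vulnerable: stored strings are concatenated straight into the markup."""
        items = "".join(
            f'<li data-author="{c["author"]}">{c["body"]}</li>' for c in self._comments
        )
        return f"<ul>{items}</ul>"

    def render_safe(self):
        """Hardened: every untrusted value is encoded for the context it lands in."""
        items = []
        for c in self._comments:
            # quote=True also escapes " and ', which a quoted attribute value needs.
            author = html.escape(c["author"], quote=True)
            # Element text context: &, <, > are the characters that matter.
            body = html.escape(c["body"], quote=True)
            # html.escape covers HTML text and attribute contexts only; values placed
            # inside <script>, a URL or CSS need that context's own encoder.
            items.append(f'<li data-author="{author}">{body}</li>')
        return "<ul>" + "".join(items) + "</ul>"


def security_headers():
    """Defence in depth: a CSP that refuses inline scripts even if an encoding bug slips through."""
    return {
        "Content-Security-Policy": "; ".join([
            "default-src 'self'",
            "script-src 'self'",  # no 'unsafe-inline': injected <script> text is not executed
            "object-src 'none'",
            "base-uri 'self'",
            "frame-ancestors 'none'",
        ]),
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    board = CommentBoard()
    board.store("alice", "Looks good to me")
    board.store('x" onmouseover="alert(1)', "<script>alert(1)</script>")
    print(board.render_unsafe())
    print(board.render_safe())
    print(security_headers())
```

The second stored comment shows why both contexts matter: in the unsafe rendering the author string closes the attribute and adds a new one, while in the safe rendering the quote becomes `&quot;` and the script tag becomes inert text. If the feature must accept rich HTML rather than plain text, encoding is the wrong tool and an allowlist-based HTML sanitizer is needed instead.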

Jim Manico

Your instructor.

Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also an investor/advisor for 10Security, Aiya, MergeBase, Nucleus Security, KSOC, and Inspectiv.

Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of “Iron-Clad Java: Building Secure Web Applications” from Oracle Press. Jim also volunteers for the OWASP foundation as the project lead for the OWASP Application Security Verification Standard and the OWASP Cheatsheet Series.

Visit www.manicode.com to schedule an in-depth training course with Jim and crew.

Upcoming secure coding courses you can't miss

SESSION 4

Behind the Malicious File Upload: What You Need to Know

SESSION 5

Crack the Code: Defending Against Brute Forcing

SESSION 6

The PHP Time Bomb: How to Detect Unsupported Versions

SESSION 7

The PHP Time Bomb: How to Detect Unsupported Versions

SESSION 8

Template or Trap: Server-side Template Injection Explained

SESSION 9

The GET No-Go: Why Passwords Shouldn't be Submitted

SESSION 10

The Hidden Dangers of Sensitive File Disclosure