See a 10-minute overview of the platform.

Watch VIDEO
Go to my account
Search
Search

Free Training Courses

Master the Fundamentals of Secure Coding with Jim Manico

Watch for more Manicode training courses coming soon!

Ensure your code is secure from the top ten vulnerabilities discovered in the wild by Edgescan in 2023

  • 1. SQL injection
  • 2. File path traversal
  • 3. Cross-site scripting (stored)
  • 4. Malicious file upload
  • 5. Brute forcing possible
  • 6. PHP Unsupported version detection
  • 7. Out-of-band resource load (HTTP)
  • 8. Server-side template injection
  • 9. Password submitted sing GET method
  • 10. Sensitive file(s) disclosure
The Snake in the Query: Preventing SQL Injection
ON-DEMAND RECORDING
Watch Now
SQL injection is a notorious vulnerability that we, as security practitioners and developers, must tackle head-on. It arises when attackers manipulate user inputs to execute malicious SQL queries, endangering our data integrity. To thwart these attacks, we must embrace prepared statements and parameterized queries, techniques that treat user inputs as data, not executable code, thus forming a robust defense against this venomous threat.
Finding Your Way:
Mitigating File Path Traversal Risk
ON-DEMAND RECORDING
Watch now

File path traversal, or directory traversal, is a treacherous adversary, capable of granting attackers unauthorized access to sensitive files. Our mission is to shield against this threat through stringent input validation and more, ensuring that user-provided file paths remain confined within their intended directory structures. Combining this with access control measures, such as ACLs and permissions, fortifies our defenses, guiding us safely through the complex terrain of file system security.

Stored but Not Secure: Defending Against Cross-site Scripting
ON-DEMAND RECORDING
Watch now

Cross-site Scripting (XSS) is a persistent peril that exposes web applications to script injection attacks. Our strategy to protect against this vulnerability should encompass rigorous output encoding, HTML sanitization and input filtering. Also, by adopting robust Content Security Policy (CSP) headers, diligent input validation, and embracing modern security-focused frameworks, we can fortify our applications against XSS, ensuring they remain both functional and resilient in the ever-evolving landscape of web security.

File Upload
Security
ON-DEMAND RECORDING
Watch now

Allowing users to upload files to your web or API application can be inherently risky. This module focuses on understanding the various attacks associated with file upload features and other file I/O-intensive functionalities. It’s crucial to recognize the potential threats and implement robust security measures to mitigate them.

Crack the Code: Defending Against Brute Forcing
ON-DEMAND RECORDING
watch now
This training module is designed for developers to understand and counteract brute force attacks on web applications. Brute force attacks, where attackers methodically try numerous combinations to crack passwords, usernames, or other security credentials, pose a significant threat to web security. This module aims to equip developers with practical knowledge and tools to implement effective defenses against such attacks.
Navigating the Web's Hazards: A Deep Dive into Out-of-Band Resource Load, Server-Side Template Injection, Unsafe Password Practices, and Sensitive File Disclosure
ON-DEMAND RECORDING
watch now
Join us for an training session where we unravel some of the web’s most overlooked yet critical security vulnerabilities. Our talk is crafted for developers, security professionals, and anyone keen on understanding and fortifying web security. This session is especially relevant for those involved in secure coding and application security.
Jim Manico | Strategic Technical Advisor
Jim Manico
Manicode

Your instructor

Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also an investor/advisor for 10Security, Aiya, MergeBase, Nucleus Security, KSOC, and Inspectiv.

Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of “Iron-Clad Java: Building Secure Web Applications” from Oracle Press. Jim also volunteers for the OWASP foundation as the project lead for the OWASP Application Security Verification Standard and the OWASP Cheatsheet Series.

Visit www.manicode.com to schedule an in-depth training course with Jim and crew.