Training
Our experienced web application security testers have been training others around the globe since 1998.
Spotlight
Software Test Professionals - Fall 2012
Maven Security will be teaching a one-day, hands-on web security assessment course on Oct. 15, 2012.
World Class Training Since 1998
Although Maven Security Consulting started as a business in 2001, its founders were developing and delivering original web app security training as early as 1998. This was long before there were top ten lists, huge professional security conferences, and web application security mailing lists.
Training Services
At Maven Security we believe that it is vitally important to integrate security throughout the software development life cycle. That’s why we provide training targeted to many project stakeholders in your organization, from the programmers, to security staff, to project managers.
We’ve given training at large conferences, large businesses, small businesses, and everywhere in between. If you think that you need better security understanding in your organization, contact us to find out how we can help you.
Class Examples
Here’s an overview from just a few of our recent training engagements. For more detail on our public engagements, see our news & events page. We also have a selection of comments from previous students.
Hands-On Remote Testing for Common Web Application Security Threats
Course Objectives:
- Understand the security threats facing web applications.
- Learn the tools and techniques to remotely validate a web application’s security.
- Enhance secure programming practices by raising awareness and giving programmers the tools needed to audit their code from the user’s perspective.
Course Topics:
- Web Protocols Primer
  - Web protocols & standards (HTML, HTTP)
  - Session tracking and state mechanisms
  - HTTP authentication mechanisms
  - Tools for interception, manipulation, and analysis of web traffic
- Common Web Application Security Threats
  - The Web Application Security Consortium (WASC) Threat Classification
  - Classes of Attack; definitions and examples (including authentication, authorization, client-side attacks, command execution, information disclosure, and logic attacks)
  - The most popular forms of attack will be covered in the labs, such as Cross-site Scripting (XSS) and SQL Injection
  - Remote tools and testing techniques for locating these vulnerabilities
  - Cross references to the OWASP Top Ten will be given.
