Day 1: Key concepts and terminology

• Defining application security: Understanding the measures, tools and processes used to protect applications against threats.
• Terminology: Introduction to key terms such as vulnerabilities, threats and security controls.
• Importance of application security: Discussion of the impact of security breaches on businesses and users14.

Day 2: Overview of threats and vulnerabilities

• Types of threats: Presentation of common attacks (e.g. SQL injection, XSS, CSRF) and their consequences3.
• Vulnerabilities: Identification of design and implementation flaws in applications5.
• Threat models: Introduction to the models used to assess the risks associated with applications.

Day 3: Threat identification techniques

• Threat identification: Methods for detecting potential threats in the software development lifecycle.
• Risk analysis: Process for assessing the potential impact of identified threats2.
• Vulnerability prioritization: Techniques for ranking vulnerabilities according to their severity and potential impact.

Day 4: Principles of secure design

• Fundamentals: Discussions on best practices for integrating security at the design stage.
• Security models: Exploration of different models (e.g. defense-in-depth) and their application in application development4.
• Best practices: Recommendations for secure design.

Day 5: Secure coding

• Input management: Techniques for validating and filtering user input to prevent attacks.
• Error and exception handling: Strategies for handling errors without disclosing sensitive information2.
• Authentication and session management: Importance of strong authentication and secure user session management.
• Test types: Differences between static and dynamic tests, importance of each in secure development.
• Tools and techniques: Overview of the tools available for effective security testing.
• Applicable standards: Introduction to standards such as OWASP, ISO, etc., which guide the implementation of application security15.
• Compliance process: Steps required to ensure that applications comply with security regulations.
• Analysis of vulnerable applications
• Real-life case studies: Analysis of applications that have suffered security breaches, lessons learned.
• Practical exercises: Putting the concepts learned into practice through application security exercises.
• This structure enables a progressive and in-depth understanding of application security issues, while integrating theory and practice.