Skip to main content

SEC.303 Secure Coding Web

Beginner training for secure software development
Duration: 2 days
Cost: € 1576 plus VAT
Requirements: Experience in web technologies
Training Format: Public and in-house training possible

As part of the Secure Coding Web training, security concepts on the Web will be discussed, including Transport Layer Security (TLS) and Cross-origin Resource Sharing (CORS). How Session Management can be securely implemented will be explained. Then the anatomy of the most common web attacks such as Cross-site Scripting, Cross-site Request Forgery and SQL Injections is discussed together with how to avoid them. In addition, more complex web attacks such as XML External Entities, Broken Authentication, and Security Misconfiguration are explained. It
concludes with an explanation of how code reviews can lead to improved code quality and how a secure development life cycle can be implemented in your organization. For a better understanding practical exercises are built into the topics.

Content of Training

  • Introduction to IT-Security
    • Evolution of Cyber-Attacks
    • Types of Attackers
    • IT-Security 101 “OSINT”
  • Cryptography
    • Encryption
    • Hashs
    • Signatures
    • Public-Key Infrastructure and Certificates
    • Transport Layer Security (TLS)
  • Access control (part 1)
    • JSON Web Tokens
    • OAuth2
    • OpenID
  • Access control (part 2)
    • Cross-Origin Resource Sharing
    • Cross-Site Request Forgery
    • Web Socket Security
  • Injection Attacks
    • SQLInjection
    • Cross-Site-Scripting
    • Web Cache Poisoning
  • Revision
    • Code review
    • Static and dynamic analysis
    • Secure software development lifecycle

After the training the participants should

  • understand how attacks work and start thinking like an attacker.
  • understand why secure software development is important and why to implement it.
  • understand what steps are necessary for a secure software development.
  • be capable to integrate secure development into their area of responsibility.

Upon Request

Are you interested in a SEC.303 Secure Coding Web Training? Contact us!

Request training