Duration: 2 days
Cost/Participant: € 1.540,- plus VAT
Minimum number of participants: 8 people
Training Format: In-house training
The training "Secure Coding Web" covers security concepts for the web, such as Transport Layer Security (TLS) and cross-origin resource sharing (CORS). It explains how session management can be securely implemented. It then details the anatomy of the most common web attacks, such as cross-site scripting, cross-site request forgery, and SQL injection, and discusses how to avoid them. In addition, more complex web attacks such as web cache poisoning, web socket injection attacks and attacks on authentication frameworks like OpenID and OAuth2 are explained. Finally, the training covers best practices for improving code quality through code reviews, and how to implement a secure software development process in your organization in general. Practical exercises on the different topics will be conducted for better understanding.
Content of Training
- Introduction to IT security
- History of malware and other attacks
- Types of cyber attackers
- IT security 101 "OSINT"
- Cryptography
- Encryption
- Hashing
- Signatures
- Public-key infrastructure and certificates
- Transport Layer Security (TLS)
- Access control (part 1)
- JSON Web Tokens
- OAuth2
- OpenID
- Access control (part 2)
- Cross-origin resource sharing
- Cross-site request forgery
- Web socket security
- Injection Attacks
- SQL injection
- Cross-site scripting (XSS)
- Web cache poisoning
- Revision
- Code review
- Static and dynamic code analysis
- Secure software development lifecycle
After the training, participants should
- understand how attacks work and start thinking like an attacker.
- understand why secure software development is important and why to implement it.
- understand what steps are necessary for secure software development.
- be capable of integrating secure development into their area of responsibility.
Upon Request
Are you interested in a SEC.303 Secure Coding Web Training? Contact us!