Secure Coding Web

The training „Secure Coding Web“ covers security concepts for the web, such as Transport Layer Security (TLS) and cross-origin resource sharing (CORS). It explains how session management can be securely implemented. It then details the anatomy of the most common web attacks, such as cross-site scripting, cross-site request forgery, and SQL injection, and discusses how to avoid them. In addition, more complex web attacks such as web cache poisoning, web socket injection attacks und attack on authentication frameworks like OpenID and OAuth2 are explained.Finally, best practices are explained to improve code quality through code reviews, and how to implement a secure software development process in your organization in general. Practical exercises in the different topics will be conducted for better understanding.

Content of Training

After the training, participants should

• understand how attacks work and start thinking like an attacker.
• understand why secure software development is important and why to implement it.
• understand what steps are necessary for a secure software development.
• be capable to integrate secure development into their area of responsibility.