Duration: 2 days
Cost: € 1548 plus VAT
Requirements: Experience in web technologies
Training Format: Public and in-house training possible
As part of the Secure Coding Web training, security concepts on the Web will be discussed, including Transport Layer Security (TLS) and Cross-origin Resource Sharing (CORS). How Session Management can be securely implemented will be explained. Then the anatomy of the most common web attacks such as Cross-site Scripting, Cross-site Request Forgery and SQL Injections is discussed together with how to avoid them. In addition, more complex web attacks such as XML External Entities, Broken Authentication, and Security Misconfiguration are explained. It
concludes with an explanation of how code reviews can lead to improved code quality and how a secure development life cycle can be implemented in your organization. For a better understanding practical exercises are built into the topics.
Content of Training
- Introduction to IT-Security
- Evolution of Cyber-Attacks
- Types of Attackers
- IT-Security 101
- Public-Key Infrastructure and Certificates
- Transport Layer Security (TLS)
- Authentication & Authorization
- Problems with Password-based Authentication
- Authentication & Authorization Part 2
- Secure Session Management
- Forwards and Redirects
- Injection Attacks
- SQL Injections
- OS Command Injection
- Cross Site Scripting (XSS)
- XML Injection
- Cross Site Request Forgery
After the training the participants should
- understand how web attacks work and start thinking like an attacker.
- understand what steps are necessary to develop secure web applications.
- learn how to integrate secure software development processes into your area of responsibility.