SEC.303 Secure Coding Web

As part of the Secure Coding Web training, security concepts on the Web will be discussed, including Transport Layer Security (TLS) and Cross-origin Resource Sharing (CORS). How Session Management can be securely implemented will be explained. Then the anatomy of the most common web attacks such as Cross-site Scripting, Cross-site Request Forgery and SQL Injections is discussed together with how to avoid them. In addition, more complex web attacks such as XML External Entities, Broken Authentication, and Security Misconfiguration are explained. It
concludes with an explanation of how code reviews can lead to improved code quality and how a secure development life cycle can be implemented in your organization. For a better understanding practical exercises are built into the topics.

Content of Training

After the training the participants should

• understand how attacks work and start thinking like an attacker.
• understand why secure software development is important and why to implement it.
• understand what steps are necessary for a secure software development.
• be capable to integrate secure development into their area of responsibility.