Lade Veranstaltungen

« Alle Veranstaltungen

SEC.303 Secure Coding Web

05.10.2021, 08:30 - 06.10.2021, 16:30

As part of the Secure Coding Web training, security concepts on the Web will be discussed, including Transport Layer Security (TLS) and Cross-origin Resource Sharing (CORS). How Session Management can be securely implemented will be explained. Then the anatomy of the most common web attacks such as Cross-site Scripting, Cross-site Request Forgery and SQL Injections is discussed together with how to avoid them. In addition, more complex web attacks such as XML External Entities, Broken Authentication, and Security Misconfiguration are explained. It
concludes with an explanation of how code reviews can lead to improved code quality and how a secure development life cycle can be implemented in your organization. For a better understanding practical exercises are built into the topics.

The training is particularly recommended for

front-end and back-end developers to protect their applications against malicious activities from the internet.

The training in a nutshell

  • Ideal entry-level training for secure web development
  • Duration: 2 days
  • Course Language: German or English
  • Requirements: No previous knowledge, own notebook necessary
  • Completion with certificate of participation
  • Public and in-house training possible

Content of training

The participants can expect the following content for the selected training:

Day 1

  • Introduction to IT-Security
    • Evolution of Cyber-Attacks
    • Types of Attackers
    • IT-Security 101
  • Cryptography
    • Encryption
    • Hashs
    • Signatures
    • Public-Key Infrastructure and Certificates
    • Transport Layer Security (TLS)
  • Authentication & Authorization
    • Passwords
    • Problems with Password-based Authentication
    • Brute-Force-Attacks

Day 2

  • Authentication & Authorization Part 2
    • Secure Session Management
    • Forwards and Redirects
    • Security-Frameworks
  • Injection Attacks
    • SQL Injections
    • OS Command Injection
    • Cross Site Scripting (XSS)
    • XML Injection
    • Cross Site Request Forgery

After the training the participants should…

  • understand how web attacks work and start thinking like an attacker.
  • understand what steps are necessary to develop secure web applications.
  • learn how to integrate secure software development processes into your area of responsibility.


SEC.303 Secure Coding Web



for security basics in web development