SEC.303 Secure Coding Web

The Secure Coding Web training covers security concepts on the web, including Transport Layer Security (TLS) and Cross-Origin Resource Sharing (CORS), and explains how session management can be implemented securely. It then discusses the anatomy of the most common web attacks, such as Cross-Site Scripting, Cross-Site Request Forgery and SQL Injection, together with how to avoid them. In addition, more complex web attacks and weaknesses such as XML External Entities, Broken Authentication and Security Misconfiguration are explained. The training concludes with an explanation of how code reviews can lead to improved code quality and how a secure development life cycle can be implemented in your organization. For a better understanding, practical exercises are built into the topics.

The training is particularly recommended for front-end and back-end developers to protect their applications against malicious activities from the internet.

The training in a nutshell

  • Ideal entry-level training for secure web development
  • Duration: 2 days
  • Course Language: German or English
  • Requirements: No previous knowledge, own notebook necessary
  • Completion with certificate of participation
  • Public and in-house training possible

Content of training

The participants can expect the following content for the selected training:

Day 1

  • Introduction to IT-Security
    • Evolution of Cyber-Attacks
    • Types of Attackers
    • IT-Security 101
  • Cryptography
    • Encryption
    • Hashes
    • Signatures
    • Public-Key Infrastructure and Certificates
    • Transport Layer Security (TLS)
  • Authentication & Authorization
    • Passwords
    • Problems with Password-based Authentication
    • Brute-Force Attacks

Day 2

  • Authentication & Authorization Part 2
    • Secure Session Management
    • Forwards and Redirects
    • Security Frameworks
  • Injection Attacks
    • SQL Injections
    • OS Command Injection
    • Cross Site Scripting (XSS)
    • XML Injection
    • Cross Site Request Forgery

After the training the participants should…

  • understand how attacks work and start thinking like an attacker
  • understand why secure web development is important and why to implement it
  • understand what steps are necessary to execute secure web development
  • be able to integrate secure web development into their area of responsibility



Dates and registration

14 July 2020

SEC.302 Secure Coding C Sharp

14 July - 16 July
Linz, Austria
08 September 2020

SEC.302 Secure Coding C Sharp

08 September - 10 September
Vienna, Austria

Dates on request
