Best Practices for Secure Web Applications

This basic seminar provides a comprehensive introduction to Web Application Security and a coherent, in-depth concept for creating sustainable security for web applications, web presences and servers.

Approaches to solutions in programming, software and system architecture are given as generic patterns that can be easily adapted to your own environment. The participants are thus able to create secure web applications, to analyze and evaluate existing applications with regard to essential security vulnerabilities and to derive appropriate measures.

The seminar includes the work of OWASP (Open Web Application Security Project), which is considered to have a significant impact on the future. At the same time, the contents go far beyond the common standard of the OWASP Top 10. Particular importance is given to the practicability and feasibility of the described measures.

If the training exceeds 2 days, our easy-to-use mobile training environment can be used. The vulnerabilities are identified by the participants by solving specific tasks and are then discussed in the group. We place particular emphasis on participants using their own laptops with their individual working environment.

All contents can be adapted according to your specific needs!

Content

  • Basics
    • HTTP basics
    • Authentication/authorization, Access Control
    • Sessions, Cookies, DOM Storage, JWT
    • SOP, CORS
    • Security headers (CSP, HSTS, etc.)
    • Cryptography (basics, SSL/TLS, certificates etc.)
    • SOAP, JSON
  • Attacks
    • XSS (reflected, stored, DOM-based)
    • Injection (SQL, LDAP, XML, Code, …)
    • Object deserialization
    • CSRF, clickjacking
    • JSONP hijacking, CORS misconfiguration
    • XML external entity includes
    • Logical/Semantic attacks, Phishing
  • Defense
    • Network separation, firewalls, WAFs
    • Input validation, output encoding
    • Anti-automation
    • Best practices of programming

Target audience

  • Software developer
  • Software architect
  • Project manager

Duration

2 to 3 days or individually configured

Prerequisites

none

Trainer

Dr. Bastian Braun
Security consultant in many software projects
Mirko Richter
Experienced SSDLC consultant with 15+ years of experience
Dr. Benjamin Kellermann
Experienced penetration tester and IT security consultant
Maximiliane Zirm
Security consultant and head of the penetration test team
Björn Kirschner
Experienced penetration tester and IT security consultant

Our training courses are aimed at companies and organisations. A training course can be economical with just three or more participants. The trainings take place at your premises or are organised by us in your desired environment.

Your Contact:

Mirko Richter

Tel.: +49 (351) 465 662-886
mirko.richter@mgm-sp.com
