This introductory seminar provides a comprehensive introduction to web application security and a coherent, in-depth concept for building sustainable security into web applications, websites and servers.
Solution approaches in programming, software and system architecture are presented as generic patterns that can easily be adapted to your own environment. Participants are thus able to build secure web applications, to analyze and evaluate existing applications for the most important classes of security vulnerabilities, and to derive appropriate countermeasures.
The seminar incorporates the work of OWASP (Open Web Application Security Project), which is considered to have a significant influence on the field. At the same time, the contents go well beyond the common standard of the OWASP Top 10. Particular importance is given to the practicability and feasibility of the described measures.
Our easy-to-use mobile training environment is used for all exercises. Participants identify the vulnerabilities themselves by solving specific tasks, which are then discussed in the group. We place particular emphasis on participants using their own laptops with their individual working environment.
All contents can be adapted according to your specific needs!
Content
- Basics
  - HTTP basics
  - Authentication/authorization, access control
  - Sessions, cookies, DOM Storage, JWT
  - SOP, CORS
  - Security headers (CSP, HSTS, etc.)
  - Cryptography (basics, SSL/TLS, certificates, etc.)
  - SOAP, JSON
- Attacks
  - XSS (reflected, stored, DOM-based)
  - Injection (SQL, LDAP, XML, code, …)
  - Object deserialization
  - CSRF, clickjacking
  - JSONP hijacking, CORS misconfiguration
  - XML external entity includes
  - Logical/semantic attacks, phishing
- Defense
  - Network separation, firewalls, WAFs
  - Input validation, output encoding
  - Anti-automation
  - Best practices of programming
Target audience
- Software developers
- Software architects
- Project managers
Duration
2 to 3 days or individually configured
Prerequisites
None
Trainer
- Dr. Bastian Braun: security consultant in many software projects
- Mirko Richter: experienced SSDLC consultant with 15+ years of experience
- Dr. Benjamin Kellermann: experienced penetration tester and IT security consultant
- Björn Kirschner: experienced penetration tester and IT security consultant
- Reinhard Böhme: experienced penetration tester in web and infrastructure
Our training courses are aimed at companies and organisations. A training course can already be economical with three or more participants. Trainings take place at your premises or are organised by us in an environment of your choice.
Your Contact:
Dr.-Ing. Benjamin Kellermann