This introductory seminar provides a comprehensive introduction to web application security and a coherent, in-depth concept for building sustainable security into web applications, websites and servers.
Solution approaches in programming, software architecture and system architecture are presented as generic patterns that can easily be adapted to your own environment. Participants are thus able to build secure web applications, to analyze and evaluate existing applications for essential security vulnerabilities, and to derive appropriate countermeasures.
The seminar covers the work of OWASP (the Open Web Application Security Project), which is considered to have a significant impact on the future of the field. At the same time, the content goes well beyond the common standard of the OWASP Top 10. Particular importance is given to the practicability and feasibility of the measures described.
If the training exceeds 2 days, our easy-to-use mobile training environment can be used. Participants identify the vulnerabilities themselves by solving specific tasks, which are then discussed in the group. We place particular emphasis on participants working on their own laptops with their individual working environments.
All contents can be adapted according to your specific needs!
- Authentication/authorization, Access Control
- Sessions, cookies, DOM Storage, JWT
- SOP, CORS
- Security headers (CSP, HSTS, etc.)
- Cryptography (basics, SSL/TLS, certificates, etc.)
- SOAP, JSON
- XSS (reflected, stored, DOM-based)
- Injection (SQL, LDAP, XML, Code, …)
- Object deserialization
- CSRF, clickjacking
- JSONP hijacking, CORS misconfiguration
- XML external entities (XXE)
- Logical/Semantic attacks, Phishing
- Network separation, firewalls, WAFs
- Input validation, output encoding
- Programming best practices
- Software developers
- Software architects
- Project managers
2 to 3 days or individually configured
Dr. Bastian Braun
Security consultant in many software projects
SSDLC consultant with more than 15 years of experience
Dr. Benjamin Kellermann
Experienced penetration tester and IT security consultant
Security consultant and head of the penetration testing team