Best Practices for Secure Web Applications
This introductory seminar provides a comprehensive introduction to web application security together with a coherent, in-depth concept for building sustainable security into web applications, websites and servers.
Solution approaches in programming, software and system architecture are presented as generic patterns that can easily be adapted to your own environment. Participants are thus able to build secure web applications, to analyze and evaluate existing applications for the most important classes of vulnerabilities, and to derive appropriate countermeasures.
The seminar incorporates the work of OWASP (Open Web Application Security Project), which is regarded as having a significant influence on the field's future direction. At the same time, the content goes well beyond the familiar OWASP Top 10. Particular attention is paid to the practicability and feasibility of the measures described.
All exercises use our easy-to-use mobile training environment. Participants identify the vulnerabilities by solving specific tasks, and the findings are then discussed in the group. We place particular emphasis on participants working on their own laptops with their individual working environment.
All contents can be adapted according to your specific needs!
Contents:
- Authentication/authorization, access control
- Sessions, cookies, DOM Storage, JWT
- Same-Origin Policy (SOP), CORS
- Security headers (CSP, HSTS, etc.)
- Cryptography (basics, SSL/TLS, certificates, etc.)
- SOAP, JSON
- XSS (reflected, stored, DOM-based)
- Injection (SQL, LDAP, XML, code, ...)
- Object deserialization
- CSRF, clickjacking
- JSONP hijacking, CORS misconfiguration
- XML external entities (XXE)
- Logical/semantic attacks, phishing
- Network separation, firewalls, WAFs
- Input validation, output encoding
- Secure programming best practices
Target group:
- Software developers
- Software architects
- Project managers
Duration: 2 to 3 days, or individually configured