The central idea of this highly technical seminar is to work with realistic code examples and numerous practical exercises. By learning common attack vectors and vulnerabilities as well as appropriate countermeasures, participants will be able to produce more secure code in the future and to assess an application's potential weak points. In our modern training environment, realistic vulnerabilities are identified and corrected, and the solutions are verified and discussed (individually or in small groups). The following questions are addressed over and over again for the given scenario:
- What do realistic attacks look like and what are their consequences?
- How can errors in the design and implementation phase be avoided?
- How do I avoid common implementation mistakes?
- How do I identify vulnerabilities in existing code?
In the course of the training, dedicated code examples with built-in vulnerabilities, primarily from the OWASP Top 10, will be analyzed and then independently corrected, discussed and, if necessary, verified either statically or at runtime. Our modern training environment guarantees efficient access to the exercise material. Most of the participants’ solutions are checked automatically, allowing each participant to receive independent feedback on his or her own learning success, adjusted to their individual speed.
All contents can be adapted specifically to your needs!
- General structuring
- Input and output handling
- Authentication and password management
- Session management
- Access control
- Error handling and logging
- Data protection
- System configuration
- Communications security
- File management
- Memory management
Selection of considered topics (customizable):
- JCE, JCA, JSSE
- JPA / prepared statements
- Servlet, JSP, JSTL, JSF, Facelets
- JSON Web Token (JWT)
- Xerces, JAXB, Jackson, Jersey, etc.