Search, explore and find the perfect course for you

Web Security for Developers

The web is a great software delivery platform, making your software available to users around the world with zero installation and easily deployed updates. Unfortunately, it also exposes you to an army of adversaries - some human, some bot - who have darker goals: to cause loss to your data or reputation, subvert your resources for their own gain or attack your user base.

This course helps you to develop a security-oriented mindset. It explores the way the web works, so you have a way to understand how various vulnerabilities arise. Then, with those foundations laid, it covers a range of common and less common vulnerabilities, how an attack based on them would be constructed, and how you can recognize and defend against them.

  • HTML
  • JavaScript

Target audience

This course is aimed at web developers.

Pre-requisites

You should have basic web development experience.

What you will learn

Day 1

Introduction

  • The reality
  • What might an attacker want?
  • Security is relative

HTTPS

  • Man-in-the-middle attacks
  • HTTP session hijacking
  • Replay attacks
  • HTTPS
  • Certificates

Encoding

  • Character encoding
  • Unicode
  • Encoding (UTF-7, UTF-8, UTF-16)
  • Canonicalization & Normalization

XSS

  • Stored XSS
  • Reflected XSS
  • DOM Based XSS
  • XSS Preventions

Cross site request forgery (CSRF)

  • Prevention
  • Synchronizer Token Pattern
  • Double Submit Cookies
  • CSRF & ASP.NET Web Forms
  • CSRF & ASP.NET MVC
  • CSRF & Ajax

Injections

  • SQL Injections
  • File path injections
  • HTTP header injections
  • Regular expression injections

Authentication

  • HTTP basic authentication
  • Windows authentication
  • OAuth
  • OpenID
  • Signed requests
  • Form based authentication

Day 2

Denial-of-Service (DoS) attacks

  • Network attacks
  • Application level attacks
  • Regular Expression attacks
  • XML DoS attacks
  • SQL Attacks
  • Slow DoS attacks
  • SSL DoS attacks

Securing web-services

  • JSON Hijacking
  • AJAX attacks

Password management

  • Secure password storage
  • Hashing
  • Secure password recovery process

Information leakage

  • Error handling
  • Source control leaks
  • SQL Timing attacks
  • Login timing attacks
  • Response header leakage
  • Threading leakage
  • Server leaks

Logging & monitoring

  • Logging
  • Monitoring
  • Knowing when the site is under attack
  • Honey pots

Cross Site Port Attacks - (XSPA)

  • Introduction to XSPA attacks

Attacking our site

  • How can we start hacking our self
  • Tools and demonstration

Securing ASP.NET

  • ASP.NET MVC
  • ASP.NET Webforms
  • Deployment

How to make a secure site

  • Security Risk management
  • Infrastructure
  • Secure development

Conclusion

  • Odd attacks
  • Rules that you should follow

Course info

Course code: T175
Duration: 2 days
Price: 19 500 SEK

Course schedule

Malmö
17th Aug. 2017 Book now
9th Oct. 2017 Book now
4th Dec. 2017 Book now
Oslo
3rd Aug. 2017 Book now
21st Sep. 2017 Book now
30th Nov. 2017 Book now
Stockholm
2nd Oct. 2017 Book now
11th Dec. 2017 Book now

Teachers

Share

Contact us for details

+46 40 61 70 720
info@edument.se


All prices excluding VAT