Web Security for Developers

The web is a great software delivery platform, making your software available to users around the world with zero installation and easily deployed updates. Unfortunately, it also exposes you to an army of adversaries - some human, some bot - who have darker goals: to cause loss to your data or reputation, subvert your resources for their own gain or attack your user base.

This course helps you to develop a security-oriented mindset. It explores the way the web works, so you have a way to understand how various vulnerabilities arise. Then, with those foundations laid, it covers a range of common and less common vulnerabilities, how an attack based on them would be constructed, and how you can recognize and defend against them.

  • HTML
  • JavaScript

Target audience

This course is aimed at web developers.


You should have basic web development experience.

What you will learn

Day 1


  • The reality
  • What might an attacker want?
  • Security is relative


  • Man-in-the-middle attacks
  • HTTP session hijacking
  • Replay attacks
  • Certificates


  • Character encoding
  • Unicode
  • Encoding (UTF-7, UTF-8, UTF-16)
  • Canonicalization & Normalization


  • Stored XSS
  • Reflected XSS
  • DOM Based XSS
  • XSS Preventions

Cross site request forgery (CSRF)

  • Prevention
  • Synchronizer Token Pattern
  • Double Submit Cookies
  • CSRF & ASP.NET Web Forms
  • CSRF & Ajax


  • SQL Injections
  • File path injections
  • HTTP header injections
  • Regular expression injections


  • HTTP basic authentication
  • Windows authentication
  • OAuth
  • OpenID
  • Signed requests
  • Form based authentication

Day 2

Denial-of-Service (DoS) attacks

  • Network attacks
  • Application level attacks
  • Regular Expression attacks
  • XML DoS attacks
  • SQL Attacks
  • Slow DoS attacks
  • SSL DoS attacks

Securing web-services

  • JSON Hijacking
  • AJAX attacks

Password management

  • Secure password storage
  • Hashing
  • Secure password recovery process

Information leakage

  • Error handling
  • Source control leaks
  • SQL Timing attacks
  • Login timing attacks
  • Response header leakage
  • Threading leakage
  • Server leaks

Logging & monitoring

  • Logging
  • Monitoring
  • Knowing when the site is under attack
  • Honey pots

Cross Site Port Attacks (XSPA)

  • Introduction to XSPA attacks

Attacking our site

  • How can we start hacking ourselves
  • Tools and demonstration

Securing ASP.NET

  • ASP.NET Webforms
  • Deployment

How to make a secure site

  • Security Risk management
  • Infrastructure
  • Secure development


  • Odd attacks
  • Rules that you should follow

Course info

Course code: T175
Duration: 2 days
Price: 18 600 SEK

Course schedule

8th May. 2017
2nd Oct. 2017
11th Dec. 2017



Contact us for details

+46 40 61 70 720

All prices excluding VAT