Web Security for Developers

The web is a great software delivery platform, making your software available to users around the world with zero installation and easily deployed updates. Unfortunately, it also exposes you to an army of adversaries - some human, some bot - who have darker goals: to cause loss to your data or reputation, subvert your resources for their own gain or attack your user base.

This course helps you to develop a security-oriented mindset. It explores the way the web works, so you have a way to understand how various vulnerabilities arise. Then, with those foundations laid, it covers a range of common and less common vulnerabilities, how an attack based on them would be constructed, and how you can recognize and defend against them.

    Target audience

    You should have basic web development experience.

    What you will learn

    Day 1


    • The reality
    • What might an attacker want?
    • Security is relative


    • Man-in-the-middle attacks
    • HTTP session hijacking
    • Replay attacks
    • HTTPS
    • Certificates


    • Character encoding
    • Unicode
    • Encoding (UTF-7, UTF-8, UTF-16)
    • Canonicalization & Normalization


    • Stored XSS
    • Reflected XSS
    • DOM Based XSS
    • XSS Preventions

    Cross site request forgery (CSRF)

    • Prevention
    • Synchronizer Token Pattern
    • Double Submit Cookies
    • CSRF & ASP.NET Web Forms
    • CSRF & Ajax


    • SQL Injections
    • File path injections
    • HTTP header injections
    • Regular expression injections


    • HTTP basic authentication
    • Windows authentication
    • OAuth
    • OpenID
    • Signed requests
    • Form based authentication

    Day 2

    Denial-of-Service (DoS) attacks

    • Network attacks
    • Application level attacks
    • Regular Expression attacks
    • XML DoS attacks
    • SQL Attacks
    • Slow DoS attacks
    • SSL DoS attacks

    Securing web-services

    • JSON Hijacking
    • AJAX attacks

    Password management

    • Secure password storage
    • Hashing
    • Secure password recovery process

    Information leakage

    • Error handling
    • Source control leaks
    • SQL Timing attacks
    • Login timing attacks
    • Response header leakage
    • Threading leakage
    • Server leaks

    Logging & monitoring

    • Logging
    • Monitoring
    • Knowing when the site is under attack
    • Honey pots

    Cross Site Port Attacks - (XSPA)

    • Introduction to XSPA attacks

    Attacking our site

    • How can we start hacking our self
    • Tools and demonstration

    Securing ASP.NET

    • ASP.NET Webforms
    • Deployment

    How to make a secure site

    • Security Risk management
    • Infrastructure
    • Secure development


    • Odd attacks
    • Rules that you should follow

    Course info

    Course code: T175
    Duration: 2 days
    Price: 21 500 SEK
    Language: English

    Course schedule

    29 MayBook now
    15 AprBook now
    25 NovBook now
    19 DecBook now



    Contact us for details

    +46 40 61 70 720

    All prices excluding VAT