Web Security for Developers

The web is a great software delivery platform, making your software available to users around the world with zero installation and easily deployed updates. Unfortunately, it also exposes you to an army of adversaries - some human, some bot - who have darker goals: to damage your data or reputation, subvert your resources for their own gain, or attack your user base.

This course helps you to develop a security-oriented mindset. It explores the way the web works, so you have a way to understand how various vulnerabilities arise. Then, with those foundations laid, it covers a range of common and less common vulnerabilities, how an attack based on them would be constructed, and how you can recognize and defend against them.

    Target audience

    This course is aimed at web developers.


    You should have basic web development experience.


    "He knew what he was doing, could answer any question."  

    "Fun and well documented exercises, easy to follow."  

    "The best part about this course is the mix between listening and having exercises to follow. That means we could talk about a topic and then experience it ourselves. The exercises also contributed to not losing focus, which I often tend to do while only listening."

    What you will learn

    Day 1


    • The reality
    • What might an attacker want?
    • Social Engineering


    • Man-in-the-middle attacks
    • Certificates
    • Certificate pinning
    • Securing cookies
    • HTTP Strict Transport Security header


    • Character encoding
    • Unicode
    • Encoding

    Cross Site Scripting

    • Stored XSS
    • Reflected XSS
    • DOM Based XSS
    • XSS Preventions

    Content Security Policy

    • Headers and directives
    • CSP Reporting

    Cross site request forgery (CSRF)

    • CSRF Prevention
    • Synchronizer Token Pattern
    • Double Submit Cookies


    • SQL Injections
    • File path injections

    Authentication & Authorization

    • OAuth
    • OpenID Connect
    • Signed requests
    • Form based authentication
    • Securing the session

    Day 2

    Denial-of-Service (DoS) attacks

    • Network attacks
    • Application level attacks
    • Regular Expression attacks
    • XML DoS attacks
    • Decompression bombs

    Password management

    • Secure password storage
    • Hashing
    • Salt and pepper

    Information leakage

    • Error handling
    • Source control leaks
    • SQL Timing attacks
    • Login timing attacks
    • Response header leakage
    • Search engine leakage
    • Server leaks

    Logging & monitoring

    • Logging
    • Monitoring
    • Knowing when the site is under attack
    • Honey pots

    Attacking and securing our site

    • Hacking tools
    • Penetration testing
    • Hack yourself
    • How to make a secure site
    • Secure development process

    Course info

    Course code: T175
    Duration: 2 days
    Price: 21 500 SEK
    Language: English

    Course schedule

    9 Jan 2020
    17 Mar 2020
    14 May 2020
    19 Dec
    10 Feb 2020
    6 Apr 2020
    15 Jun 2020



    Contact us for details

    +46 40 61 70 720

    All prices excluding VAT