We offer web security training courses for primarily two target audiences: First, developers who want to learn about web application security, single sign-on, TLS, XML, and web service technologies. Second, penetration testers who want to get an in-depth knowledge about web security. Our discussed topics are both known, and also usually unknown attacks, along with their countermeasures. Furthermore, we go into detail regarding solutions to automate security tests.

Web Service Security

In this training, web service technologies will be introduced and numerous attack techniques used to attack SOAP-based web services will be presented using examples. Afterwards, the participants will have the opportunity to execute various attacks themselves in a virtual machine prepared by us. First, the attacks are executed manually (for example, using SoapUI) in order to get a feeling for the underlying vulnerabilities. We will then introduce our penetration testing tool WS-Attacker, which can be used to automatically test many of these attacks. The virtual machine is usable offline and can be used by participants for further internal education after the course has ended.

Due to the importance of integrating web services into your enterprise ecosystem, it is essential to understand and address the problems of these technologies. The training will address the following questions, among others:

  • How do I use an XML parser correctly?
  • How do I check an XML document‘s signature correctly?
  • Which risks need to be considered when using WS-* extensions?
  • Is encrypting my messages with TLS sufficient?
  • How can I protect my systems against attackers?

hackmanit it security schulung tage

2 Days

hackmanit it security schulung hands-on

Hands-On

hackmanit it security schulung team teilnahme zertifikat

Certificate of Attendance

hackmanit it security schulung preis

1.290 €*

Training Contents

  • DAY 1
    • XML and SOAP-based Web Services
    • XML Schema and WS-Policy
    • WS-Addressing and WS-Addressing Spoofing
    • XML Parsing (DOM vs. SAX)
    • XML-specific Denial-of-Service Attacks
    • XML Security and WS-Security
      • Differences to SSL/TLS
    • XML Signature
      • ID-based Signatures and XPath

  • DAY 2
    • XML Signature Wrapping Attacks
    • XML Encryption
      • Attacks on Symmetric Encryption
      • Attacks on Asymmetric Encryption
    • Penetration Testing with WS-Attacker
    • Outlook: SAML-based Single Sign-On
    • REST-based Web Services
      • Attacks and Best Practices

 

Target Audience

This training is designed for primarily two target audiences:

  • Developers who use XML and web services in practice.
  • Penetration testers and security researchers who want to learn how to evaluate the security of those systems.

 

Booking Options

Customized training options for you or your team.

hackmanit it security schulung team online

Team online training
(at least 5 participants)

hackmanit it security schulung präsenzschulung bei ihnen

On-site training at your company

hackmanit it security schulung präsenzschulung bei Hackmanit

On-site training at Hackmanit

Whether a team online training or on-site training, we adapt to your wishes. Contact the person responsible for the desired training to receive an individual and non-binding offer. Send the individual booking request by email to Prof. Dr. Juraj Somorovsky:

 

Short Overview

Duration  |  2 days, 8 hrs. per day (incl. breaks)
Time  |  from 9:00 to 17:00 o’clock
Total Price  |  1.290€ plus VAT (per person)
Registration  |  by email to Prof. Dr. Juraj Somorovsky

 

 

Prof. Dr. Juraj Somorovsky

Your Contact for This Training

Prof. Dr. Juraj Somorovsky
juraj.somorovsky@hackmanit.de

* All prices excl. VAT