In the Secure Web Development training, we use real-life examples to teach participants how an attacker finds and exploits security vulnerabilities in web applications. In addition to well-known attacks such as SQL injection, remote file inclusion, and cross-site scripting, there are also new threats from HTML(5) and NoSQL (e.g., MongoDB). The goal of this intensive training is to enable you to conduct smaller audits and penetration tests on your own. In addition, you will be able to understand and evaluate common attacks and to continually secure your web application with regard to these topics.
The training will address the following questions, among others:
- How do attackers proceed when looking for vulnerabilities in a web application? Which tools and procedures are used?
- How well is my web application protected against attacks? Where is it vulnerable?
- How can I harden my web application against attacks in just a few steps?
- Which measures are necessary to prevent future attacks against my web application?
- Short Introduction: HTTP, HTML, CSS, XML and DOM
- Social Engineering
- Information Disclosure
- Logical Flaws
- Same-Origin Policy
- Cross-Site Request Forgery
- Cross-Site Scripting
  - Non-persistent XSS
  - Persistent XSS
  - DOM-based XSS
  - Mutation-based XSS
- Scriptless Attacks
- Session Hijacking and Session Fixation
- UI Redressing and Clickjacking
- DOM Clobbering
- File Inclusions and Path Traversal
- Remote Command and Code Execution
- SQL- and NoSQL-Injections
- Secure Coding
- OWASP TOP-10
- Character Sets
- Content Security Policy
- Feature and Referrer Policy
- Burp Suite
- Security Requirements
Requirements: The course is designed for people who wish to familiarize themselves with web hacking. This course is particularly helpful for web developers (both front-end and back-end), heads of web development departments, and information security officers. It is also helpful if you have knowledge of web languages, such as HTML.
Contact: Dr. Marcus Niemietz