Secure Web Development, XML, and TLS Security

The trainings can be held in-house at your company or in our home town of Bochum (Germany). We offer each security training individually and also collectively as a five-day workshop. Please also contact us if you are interested in talks about topics like Clickjacking. You can contact us, for example, via mail@hackmanit.de.

For smaller companies and freelancers with German language skills, we recommend booking our trainings at Linuxhotel.

Our security trainings:

Secure Web Development (3 days)

  • Basic knowledge
    • HTTP, HTML, CSS, XML, and DOM
  • Social Engineering and Information Disclosure
  • Logical Flaws
  • Same-Origin Policy
  • Cross-Site Request Forgery
  • Cross-Site Scripting
    • Reflective XSS
    • Stored XSS
    • DOM-based XSS
    • Self XSS
    • Mutation-based XSS
  • Session Hijacking and Session Fixation
  • UI Redressing and Clickjacking
  • DOM Clobbering
  • File Inclusions and Path Traversal
  • Remote Command and Code Execution
  • SQL Injections
  • Secure Coding
    • OWASP TOP-10
    • Fonts
    • DOCTYPE Switch
    • HTTP Parameter Pollution
    • HTML5 sandbox attribute
    • Content Security Policy
    • Burp Suite
    • Security Requirements

Example: 15 Slides
Flyer: Secure Web Development

Contact: Marcus Niemietz


Web Service and Single Sign-On Security (2 days)

  • XML and SOAP-based Web services
  • XML Schema and WS Policy
  • WS-Addressing and WS-Addressing Spoofing
  • XML Parsing (DOM vs SAX)
  • XML-based Denial-of-Service Attacks
  • XML Security and WS Security
    • Differences: SSL/TLS
  • XML Signature
    • ID-based and XPath-based XML Signatures
    • XML Signature Wrapping Attacks
  • XML Encryption
    • Symmetric Encryption Attacks
    • Asymmetric Encryption Attacks
  • Testing with WS-Attacker
  • SAML-based Single Sign-On
    • Attacks
  • REST-based Web Services
    • Attacks and Best Practices

Example: 15 Slides
Flyer: Web Service and Single Sign-On Security

Contact: Dr. Christian Mainka


TLS Security (2 days)

  • A short introduction to cryptography
  • TLS message flow
  • TLS extensions
  • Certificates and certificate validation
  • Attacks – Short overview: e.g., BEAST, CRIME, Heartbleed
  • TLS implementations
  • Secure server configuration
    • Apache HTTP Server (mod_ssl)
    • Apache Tomcat
  • Evaluation of deployed TLS servers with well-established tools

Example: 15 Slides
Flyer: TLS Security

Contact: Dr. Juraj Somorovsky