Online-Training: Security for Web Applications
Often copied, never matched!
Dates
|
Currently no dates available, please contact us at info@oose.de
|
Sign up |
Your Trainer: Hannes Molsen
As a freelance trainer and consultant, I support organizations in secure software development. This includes the creation and evaluation of software architectures, for example by means of threat modeling, the development of secure code and the discovery of vulnerabilities through penetration testing in true hand and brain work (TAH - Tool Assisted Human). I do not only help to write secure development processes, but also support to implement them in a practicable way.
But what good is the best process if the knowledge is missing? To counter this, I give various training courses, among others for software developers and architects, which are as exciting and entertaining as they are instructive, and whose contents can be applied in everyday life.
I spend the second half of my professional life as Product Security Manager at Dräger, a manufacturer of medical and safety technology. Here I create and maintain an environment in which it is easy to meet high cyber security requirements in product development. I place particular emphasis on a holistic approach that covers all areas of cyber security, from developer training to security assessments to incident response.
In both worlds, I draw from the experience I have gained over a good 15 years on the developer side of large and small projects around web applications, embedded and distributed systems.
Description
In this seminar you will learn how to secure your web applications against the most common and dangerous attacks. You will systematically learn about the most critical security vulnerabilities and try them out on a sample application. Step by step you will mitigate these risks and learn how easy it can be to avoid serious mistakes. The concepts you learn are independent of specific technologies and can certainly be applied to your project.
Content:
- Introduction to OWASP (OWASP Top 10, Cheat Sheets, Tools)
- SQL Injection
- Authentication
- Securing secure credentials
- Securing cookies
- Multi Factor Authentication
- Transport Layer Security (SSL / TLS)
- Command Injection
- Insecure Deserialization
- XML External Entity Attacks
- Cross Site Scripting
- Session Hijacking / Session Fixation
- Input Validation / Output Escaping (Sanitization)
- Cross Site Request Forgery (CSRF)
- Same Origin Policy
- Security Header (CSP, CORS, ...)
- Clickjacking
- Tools (OWASP ZAP, sqlmap, …)
- Fuzz Testing
- Function Level Access Control
- Insecure Direct Object References
- Security Development Lifecycle (SDLC)
Requirements:
- You are experienced with at least one programming language and know the basics of web development, i.e. terms like: http, HTML, browser, service.
- Helpful but not mandatory are basic knowledge in SQL and JavaScript
- The exercises will take place in Java, but you do not need special Java knowledg
In-house training
You can also book this as an in-house training (company training). In this case, we currently conduct this training remotely (online training). Contact us and arrange an individual appointment!
