Realdolmen Education

Web Security

This course is currently not scheduled on the open calendar, but it can be organized on request.

Number of days

1 day(s)

Audience

Developers, analysts and architects of any technology.

Prerequisites

None.

Objectives

After completing this course, participants will be able to make their web applications more secure.

Methods

Classroom training with hands-on exercises

Description

Because they are inherently public, web applications are often an important target for attackers, and they often serve as public gateways to our company. Insufficiently securing these applications may have grave results. Developers are expected to build these applications securely but often lack the knowledge, skills and tools to do this.

This training will give developers the knowledge and skills needed to create secure web applications. During the course you will learn about several security issues often exploited by attackers. Using the OWASP Top 10, the 10 most common security problems in web applications today, you will learn how to perform these attacks yourself, what their impact is, and how they can be mitigated. We will also take a look at newer technologies that have an impact on the security of your web applications, such as NoSQL databases, HTML5 and the Web Crypto API.

During the exercises you will get hands-on experience with the different attack methods and how to mitigate their effects.

Contents

  • Introduction
  • OWASP Top 10
    • Injection
      • ORM
      • NoSQL
    • Authentication and Session Management
      • Common passwords
      • Cookies
    • Cross site scripting
    • Insecure direct object references
    • Security misconfiguration
    • Sensitive data exposure
    • Missing function level access control
    • Cross site request forgery
      • On-site request forgery
    • Using components with known vulnerabilities
    • Unvalidated redirects and forwards
  • Web 2.0 & beyond
    • Webservice security
    • HTML5
    • Beyond
      • WebCryptoAPI
      • Content Security Policy
  • Tools