Tryk på en dato herunder for tilmelding eller yderligere information om dette kursus
RING 70 23 26 50 eller send en mail og få uforpligtende informationer om, hvor kurset udbydes, datoer, priser og en status på, om kurset har deltagere nok til at det bliver gennemført. Husk du betaler efter endt kursus.
Udbydes kurset ikke i oversigten til højre, så kontakt os endelig for ny dato.
The web is a great software delivery platform, making your software available to users around the world with zero installation and easily deployed updates. Unfortunately, it also exposes you to an army of adversaries - some human, some bot - who have darker goals: to cause loss to your data or reputation, subvert your resources for their own gain or attack your user base.
This course helps you to develop a security-oriented mindset. It explores the way the web works, so you have a way to understand how various vulnerabilities arise. Then, with those foundations laid, it covers a range of common and less common vulnerabilities, how an attack based on them would be constructed, and how you can recognize and defend against them.
Målgrupp: This course is aimed at web developers.
Innehåll:
Module 1: Developing a security-oriented mindset
* The economics of security
* Attack vectors: technical, social, physical
* Security in depth
* The issues with security by obscurity
* Positive vs negative validation
Module 2: Analysing HTTP request/response
* Understanding the HTTP protocol
* Using a HTTP analyser
* Request header content
* Response header content
* GET vs POST and the implications
* Assembling and making custom fake requests
* Tracing an AJAX application's HTTP flow
Module 3: Injection vulnerabilities
* Concept and overall defense strategy
* SQL injection
* Path injection
* HTTP header injection
* Mail header injection
* XPATH injection
* Regex injection
Module 4: Attacks from the client side
* Cross site scripting (XSS)
* Cross site request forgery (CSRF)
Module 5: Authentication and authorization issues
* Comparing password protection
* Securing password storage
* Handling password changes and resets securely
* Session poisoning and session stealing
* Direct object reference vulnerabilities
* Securing static objects
* Securing AJAX
Module 6: Exploiting trust relationships
* Social engineering basics
* Phishing
* Unvalidated re-directs and forwards
* Weaknesses due to faked referrers
* Dangers related to shared hosting and shared domains
* Unicode homograph related issues
Module 7: Information leakage
* The dangers of bad error handling
* Managing risks in open APIs
* Timing attacks
Module 8: Denial of Service attacks
* How DoS attacks arise
* DoS vs DDoS
* XML poisoning attacks
* Regex backtracking blow-up attacks