Web Security for Developers kursus

Kort navn:IN20113
Type:Få alle relevante oplysninger sendt gratis
Varighed:2 dage
Pris:Varierer alt efter kursussted. Ring og hør
Tryk på en dato herunder for tilmelding eller yderligere information om dette kursus

RING 70 23 26 50 eller send en mail og få uforpligtende informationer om, hvor kurset udbydes, datoer, priser og en status på, om kurset har deltagere nok til at det bliver gennemført.

Udbydes kurset ikke i oversigten til højre, så kontakt os endelig for ny dato.

The web is a great software delivery platform, making your software available to users around the world with zero installation and easily deployed updates. Unfortunately, it also exposes you to an army of adversaries - some human, some bot - who have darker goals: to cause loss to your data or reputation, subvert your resources for their own gain or attack your user base.

This course helps you to develop a security-oriented mindset. It explores the way the web works, so you have a way to understand how various vulnerabilities arise. Then, with those foundations laid, it covers a range of common and less common vulnerabilities, how an attack based on them would be constructed, and how you can recognize and defend against them.

Målgrupp: This course is aimed at web developers.


Module 1: Developing a security-oriented mindset

* The economics of security

* Attack vectors: technical, social, physical

* Security in depth

* The issues with security by obscurity

* Positive vs negative validation


Module 2: Analysing HTTP request/response

* Understanding the HTTP protocol

* Using a HTTP analyser

* Request header content

* Response header content

* GET vs POST and the implications

* Assembling and making custom fake requests

* Tracing an AJAX application's HTTP flow


Module 3: Injection vulnerabilities

* Concept and overall defense strategy

* SQL injection

* Path injection

* HTTP header injection

* Mail header injection

* XPATH injection

* Regex injection


Module 4: Attacks from the client side

* Cross site scripting (XSS)

* Cross site request forgery (CSRF)


Module 5: Authentication and authorization issues

* Comparing password protection

* Securing password storage

* Handling password changes and resets securely

* Session poisoning and session stealing

* Direct object reference vulnerabilities

* Securing static objects

* Securing AJAX


Module 6: Exploiting trust relationships

* Social engineering basics

* Phishing

* Unvalidated re-directs and forwards

* Weaknesses due to faked referrers

* Dangers related to shared hosting and shared domains

* Unicode homograph related issues


Module 7: Information leakage

* The dangers of bad error handling

* Managing risks in open APIs

* Timing attacks


Module 8: Denial of Service attacks

* How DoS attacks arise

* DoS vs DDoS

* XML poisoning attacks

* Regex backtracking blow-up attacks

Ring og hør!
+45 7023 2650