Web Security for Developers


The web is a great software delivery platform, making your software available to users around the world with zero installation and easily deployed updates. Unfortunately, it also exposes you to an army of adversaries - some human, some bot - with darker goals: to damage your data or reputation, subvert your resources for their own gain, or attack your user base.

This course helps you develop a security-oriented mindset. It explores the way the web works, so that you can understand how various vulnerabilities arise. With those foundations laid, it then covers a range of common and less common vulnerabilities, how an attack based on each would be constructed, and how you can recognize and defend against them.

Day 1

Introduction

  • The reality
  • What might an attacker want?
  • Security is relative

HTTPS

  • Man-in-the-middle attacks
  • HTTP session hijacking
  • Replay attacks
  • HTTPS
  • Certificates

Encoding

  • Character encoding
  • Unicode
  • Encoding (UTF-7, UTF-8, UTF-16)
  • Canonicalization & Normalization

XSS

  • Stored XSS
  • Reflected XSS
  • DOM Based XSS
  • XSS prevention

Cross site request forgery (CSRF)

  • Prevention
  • Synchronizer Token Pattern
  • Double Submit Cookies
  • CSRF & ASP.NET Web Forms
  • CSRF & ASP.NET MVC
  • CSRF & Ajax

Injections

  • SQL Injections
  • File path injections
  • HTTP header injections
  • Regular expression injections

Authentication

  • HTTP basic authentication
  • Windows authentication
  • OAuth
  • OpenID
  • Signed requests
  • Form based authentication

Day 2

Denial-of-Service (DoS) attacks

  • Network attacks
  • Application level attacks
  • Regular Expression attacks
  • XML DoS attacks
  • SQL Attacks
  • Slow DoS attacks
  • SSL DoS attacks

Securing web services

  • JSON Hijacking
  • AJAX attacks

Password management

  • Secure password storage
  • Hashing
  • Secure password recovery process

Information leakage

  • Error handling
  • Source control leaks
  • SQL Timing attacks
  • Login timing attacks
  • Response header leakage
  • Threading leakage
  • Server leaks

Logging & monitoring

  • Logging
  • Monitoring
  • Knowing when the site is under attack
  • Honey pots

Cross Site Port Attacks (XSPA)

  • Introduction to XSPA attacks

Attacking our site

  • How can we start hacking ourselves
  • Tools and demonstration

Securing ASP.NET

  • ASP.NET MVC
  • ASP.NET Webforms
  • Deployment

How to make a secure site

  • Security Risk management
  • Infrastructure
  • Secure development

Conclusion

  • Odd attacks
  • Rules that you should follow

Course code: T175
Duration: 2 days
Price: 18 600 SEK


Course schedule

Malmö
2014
18-Sep
27-Oct

Stockholm
2014
18-Sep
27-Oct

Göteborg
2014
18-Sep
27-Oct

Target Audience

This course is aimed at web developers.

Pre-requisites

Related Courses

Teachers

Tore Nestenius: consultant and trainer who helps companies with advanced problem solving and mentoring.

Contact us

Please contact us for details:
Tel: 040-61 70 720
info@edument.se
All prices excluding VAT