Key Facts
Target audience: web developers, software developers | Duration: 2 days | 9:00–17:00 | Trainer: Martina Kraus | Location: online | Number of participants: 4-12
Description
The seminar covers which errors lead to web security vulnerabilities and how these can be exploited. It enables the independent identification and avoidance of security vulnerabilities in daily development.
The goal is to deepen knowledge in the field of IT security for individuals with experience in web development.
The training takes place as an online video conference; all necessary information and access data will be sent in advance by email.
Agenda
IT Security Basics
- Security principles
- Hashing/Encryption/Encoding
- Symmetric / asymmetric encryption
- Authentication & Authorization
- Important Algorithms & Principles
Security Concepts in Web Applications
- Same Origin Policy
- Cookie Security (Cookie attributes like httpOnly)
- HTTP Security
- Proper Use of Security-Relevant HTTP Headers
- Content Security Policy (CSP)
- Transport Encryption
- Proper Use of Two-Factor Authentication
- JWT
- OAuth2 and OpenID Connect, etc.
Practical Application of Security Concepts
- How to Ensure Data Integrity, Even When Data Runs Over Insecure Channels
- Securing the Communication Path
- What to Consider When Implementing Authentication
- Storing Passwords Securely
- Using a Web Framework
- Secure Implementation of Forms and File Uploads
- Denial-of-Service Protection Strategies
- Security Measures for the Frontend and Secure API Development, Including REST Services
Attacks on Web Applications
- OWASP Top 10
- Credential Attacks
- Cross-Site Scripting
- Cross-Site Request Forgery (CSRF)
- Various Injection Attacks (e.g., SQL)
- DoS
Securing Web Applications
- Against the Introduced Attack Vectors
Introduction to Vulnerability Testing of a Web Application
- Manual and Automatic Tools
- Static and Dynamic Analysis for Scanning Vulnerabilities
Target Audience
The target audience of this course includes individuals who implement, design, or evaluate the technical foundations of web applications in the frontend or backend.
Participants should have a solid understanding of basic web technologies, including HTTP, HTML, basic JavaScript, and ideally a dynamic backend language of choice.