Web Application Security (DE/EN)
In this hands-on course you will learn how to defend your web application. The course is language-agnostic, so it doesn't matter which technology stack you use.
Relying on firewalls and intrusion detection alone is a bad idea: only a securely developed application keeps attackers out.
Content
During the course we’ll cover:
- Web Basics
  - HTTP
  - Sessions
- Session Management
  - Fixation Attacks
  - Low Entropy Attacks
  - CSRF
- OWASP Top 10 in Reality
  - Injections
  - (No)SQL Injections
  - XML Security
  - Cross-Site Scripting
  - Direct Object Enumeration
  - Misconfiguration
  - Logic Bugs
- Complex Attacks
  - Desync Attacks (Request Smuggling)
  - Bad Randomness
  - Race Conditions
  - Unicode Attacks
- Content Security Policy (CSP)
  - Theory
  - Reality
  - Common Problems
- TLS
  - Cryptographic Basics
  - Correct Usage of TLS
  - TLS 1.3 vs. TLS 1.2
Prerequisites
This class is aimed at web developers. A basic understanding of web technologies such as HTML and JavaScript is required.
Info
- Language: German or English
- Course Duration: 2 days
- Laptop required: No, a ThinkPad will be provided
- Price: 600 Euros per day
- Certification: Fraunhofer Academy Certificate, itsec.rocks 1337 certificate (optional)
Target Audience
The course is best suited for:
- Web Developers
- Backend Developers
- Software Architects
- Programmers
- Penetration Testers Interested in Defense
- Code Auditors
If you’re unsure whether it’s suited for you, contact us at course@itsec.rocks.
Booking
The next available training dates are:
- / 21.08.2020
- or suggest an individual date
To book a training, please send an email to booking@itsec.rocks, stating your name and the number of participants. You will receive a confirmation by the Fraunhofer Academy shortly after.
Trainer
Ruben Gonzalez
My name is Ruben Gonzalez and I’m a security engineer from Bonn.
In my work life I have experienced many facets of security as an admin, programmer, evaluator and security engineer. Most weekends I spend hacking at the redrocket.club, which I co-founded. I hold a master's degree in computer science and am a certified Linux professional (LPIC and Novell).
I am also a Ph.D. student with a research focus on cryptographic protocols such as (D)TLS. During code audits I have found quite a few interesting vulnerabilities that I love to talk about.
Apart from itsec.rocks I teach a course about hacking and web security at the university.
Lukas Schauer
My name is Lukas Schauer, I’m a security researcher, developer, system administrator and hacker from Bonn.
I started developing and doing network administration very early, actually by managing my school's network infrastructure. Since then I've acquired skills in different areas, especially in software development. Among other things, I maintain dehydrated, manage the institute's network and break the security of embedded devices.
As part of RedRocket I’m constantly learning new ways of attacking and protecting software and networks.