Instructor: Jim Manico
Duration: 2 days
The major cause of web service and web application insecurity is insecure software development practices. This highly intensive and interactive 2-day course provides essential application security training for web application and web service developers and architects.
The class is a combination of lecture, security testing demonstration and code review. Students will learn the most common threats against applications. More importantly, students will learn how to code secure web solutions via defense-based code samples.
Student Requirements: Familiarity with the technical details of building web applications and web services from a software engineering point of view.
Day 1 of the course will focus on web application basics.
- Introduction to Application Security
- Introduction to Security Goals and Threats
- HTTP Security Basics
- CORS and HTML5 Considerations
- XSS Defense
- Content Security Policy
- Intro to Angular.JS Security
- Intro to React.JS Security
- SQL and other Injection
- Cross Site Request Forgery
- File Upload and File IO Security
- Deserialization Security
- Input Validation Basics
- OWASP Top Ten 2017
- OWASP ASVS
Day 2 of the course will focus on API secure coding, Identity and other advanced topics.
- Webservice, Microservice and REST Security
- Authentication and Session Management
- Access Control Design
- OAuth2 Security
- OpenID Connect Security
- HTTPS/TLS Best Practices
- 3rd Party Library Security Management
- Application Layer Intrusion Detection
The course will end with a hacking and secure coding lab!
Laptop Requirements: Any laptop that can run an updated web browser and "Burp Community Edition".
Price: € 2,000
Date: February 3-4, 2020
You will receive CPE Points for participating in the training. The training takes 16 hours. You will get a certificate after having completed the training.
Maritim Hotel Bonn
Phone: +49 228 8108-0