What you'll learn:
- Security of Web Applications
- Secure Programming Patterns
- Security Baselines
Understand Application Security: Numerous successful attacks on well-known web applications on a weekly basis should be reason enough to study the background of "Web Application Security" of custom-made or self-developed applications.
Computer systems are ubiquitous and part of our working and private everyday life. For companies it is increasingly complex and difficult to keep up their IT security with the current technical progress. Large enterprises establish security processes which are created according to industry standards (e.g., ISO 27001). These processes are very complex and can only be implemented by teams of security experts. Constant quality assurance, maintenance and adaptation also belong to an IT security process.
It does not matter if a company develops products or runs an online shop, IT security is a characteristic feature. Security incidents, which maybe even reach public uncontrolled, do not only damage the business image but may also lead to legal or financial consequences.
Intro
Typical Vulnerabilities Overview
Cause & Background
Secure Programming in general
Code/Command Injection in general
(No)SQL Code Injection
Cross-Site Request Forgery (CSRF)
Cross-Site Scripting (XSS)
Open Redirection
File Inclusion / Directory Traversal
Clickjacking
Session-Hijacking
Information Disclosure
Attacks on Weaknesses of the Authentication
Denial of Service
Middleware
Third-Party Software
Summary and Conclusion
The principles taught in this course are language and platform independent. However, the course will include examples for Java and PHP.
Instructor Frank Hissen, Computer Scientist and Security Expert, teaches IT security for over 20 years and works for companies of all sizes as IT Security Consultant and Software Engineer.
