Course: Web Security for Developers


Classroom, 2 days, Course, Norwegian

Start: 08.05.17
Location: Glasspaper AS, Brynsveien 12, 0667 Oslo, Oslo
Language: Norwegian



The web is a great software delivery platform, making your software available to users around the world with zero installation and easily deployed updates. Unfortunately, it also exposes you to an army of adversaries - some human, some bot - who have darker goals: to cause loss to your data or reputation, subvert your resources for their own gain or attack your user base.

This course helps you to develop a security-oriented mindset. It explores the way the web works, so you have a way to understand how various vulnerabilities arise. Then, with those foundations laid, it covers a range of common and less common vulnerabilities, how an attack based on them would be constructed, and how you can recognize and defend against them.

 

Day 1

Module 1: Developing a security-oriented mindset

  • The economics of security
  • Attack vectors: technical, social, physical
  • Security in depth
  • The issues with security by obscurity
  • Positive vs negative validation

Module 2: Analysing HTTP request/response

  • Understanding the HTTP protocol
  • Using an HTTP analyser
  • Request header content
  • Response header content
  • GET vs POST and the implications
  • Assembling and making custom fake requests
  • Tracing an AJAX application's HTTP flow

Module 3: Injection vulnerabilities

  • Concept and overall defense strategy
  • SQL injection
  • Path injection
  • HTTP header injection
  • Mail header injection
  • XPath injection
  • Regex injection

Module 4: Attacks from the client side

  • Cross site scripting (XSS)
  • Cross site request forgery (CSRF)

 

Day 2

Module 5: Authentication and authorization issues

  • Comparing password protection
  • Securing password storage
  • Handling password changes and resets securely
  • Session poisoning and session stealing
  • Direct object reference vulnerabilities
  • Securing static objects
  • Securing AJAX

Module 6: Exploiting trust relationships

  • Social engineering basics
  • Phishing
  • Unvalidated redirects and forwards
  • Weaknesses due to faked referrers
  • Dangers related to shared hosting and shared domains
  • Unicode homograph related issues

Module 7: Information leakage

  • The dangers of bad error handling
  • Managing risks in open APIs
  • Timing attacks

Module 8: Denial of Service attacks

  • How DoS attacks arise
  • DoS vs DDoS
  • XML poisoning attacks
  • Regex backtracking blow-up attacks

 




Prerequisites


About the instructor
Tore Nestenius has worked as a consultant since 1997. He is a very knowledgeable system developer who has previously worked for large companies such as Ericsson and Flextronics. Early in his career, he started Programmers Heaven, a portal with over 750 000 monthly users. He is also behind several other successful projects, such as CodePedia (a wiki for developers), the open source project TNValidate, and the C# School e-book, which has over 100 000 downloads.



Duration


9-16



Credits





Target audience


This course is aimed at web developers.



 




 
