"We help you reach your competence goals in 2017"


Web Security for Developers

Course fee: kr 13 900 | Duration: 2 days

Description:

The web is a great software delivery platform, making your software available to users around the world with zero installation and easily deployed updates. Unfortunately, it also exposes you to an army of adversaries - some human, some bot - who have darker goals: to cause loss to your data or reputation, subvert your resources for their own gain or attack your user base.

This course helps you to develop a security-oriented mindset. It explores the way the web works, so you have a way to understand how various vulnerabilities arise. Then, with those foundations laid, it covers a range of common and less common vulnerabilities, how an attack based on them would be constructed, and how you can recognize and defend against them.


Prerequisites:

This course is aimed at web developers.


About the instructor
Tore Nestenius has worked as a consultant since 1997. He is a very knowledgeable system developer who has in the past worked for large companies like Ericsson and Flextronics. Early in his career, Tore Nestenius started Programmers Heaven - a portal with over 750 000 monthly users. He’s behind several other successful projects like CodePedia - a Wiki for developers, the Open Source project TNValidate, and the C# School e-book with over 100 000 downloads.


Contents:

Day 1

Module 1: Developing a security-oriented mindset
  • The economics of security
  • Attack vectors: technical, social, physical
  • Security in depth
  • The issues with security by obscurity
  • Positive vs negative validation

Module 2: Analysing HTTP request/response

  • Understanding the HTTP protocol
  • Using an HTTP analyser
  • Request header content
  • Response header content
  • GET vs POST and the implications
  • Assembling and making custom fake requests
  • Tracing an AJAX application's HTTP flow

Module 3: Injection vulnerabilities

  • Concept and overall defense strategy
  • SQL injection
  • Path injection
  • HTTP header injection
  • Mail header injection
  • XPath injection
  • Regex injection

Module 4: Attacks from the client side

  • Cross site scripting (XSS)
  • Cross site request forgery (CSRF)

Day 2

Module 5: Authentication and authorization issues

  • Comparing password protection
  • Securing password storage
  • Handling password changes and resets securely
  • Session poisoning and session stealing
  • Direct object reference vulnerabilities
  • Securing static objects
  • Securing AJAX

Module 6: Exploiting trust relationships

  • Social engineering basics
  • Phishing
  • Unvalidated re-directs and forwards
  • Weaknesses due to faked referrers
  • Dangers related to shared hosting and shared domains
  • Unicode homograph related issues

Module 7: Information leakage

  • The dangers of bad error handling
  • Managing risks in open APIs
  • Timing attacks

Module 8: Denial of Service attacks

  • How DoS attacks arise
  • DoS vs DDoS
  • XML poisoning attacks
  • Regex backtracking blow-up attacks





    Contact us

    Course manager

    Henning Solberg

    93 09 01 29

    henning@glasspaper.no


    Glasspaper has been named Microsoft Course Partner of the Year 2017 - this is the eighth year in a row we have received this award