"We help you reach your competence goals in 2017"


Web Security for Developers

Course fee: kr 13 900 | Duration: 2 days

Description:

The web is a great software delivery platform, making your software available to users around the world with zero installation and easily deployed updates. Unfortunately, it also exposes you to an army of adversaries - some human, some bot - who have darker goals: to cause loss to your data or reputation, subvert your resources for their own gain or attack your user base.

This course helps you to develop a security-oriented mindset. It explores the way the web works, so you have a way to understand how various vulnerabilities arise. Then, with those foundations laid, it covers a range of common and less common vulnerabilities, how an attack based on them would be constructed, and how you can recognize and defend against them.

Target audience:

This course is aimed at web developers.


Prerequisites:

You should have basic web development experience.


About the instructor
Tore Nestenius has worked as a consultant since 1997. He is a very knowledgeable system developer who has previously worked for large companies such as Ericsson and Flextronics. Early in his career, he started Programmers Heaven, a portal with over 750 000 monthly users. He is behind several other successful projects, including CodePedia (a wiki for developers), the open source project TNValidate, and the C# School e-book with over 100 000 downloads.


Contents:

Day 1


Introduction
  • The reality
  • What might an attacker want?
  • Social Engineering
HTTPS
  • Man-in-the-middle attacks
  • Certificates
  • Certificate pinning
  • Securing cookies
  • HTTP Strict Transport Security header
Encoding
  • Character encoding
  • Unicode
  • Encoding
Cross Site Scripting
  • Stored XSS
  • Reflected XSS
  • DOM Based XSS
  • XSS Preventions
Content Security Policy
  • Headers and directives
  • CSP Reporting
Cross site request forgery (CSRF)
  • CSRF Prevention
  • Synchronizer Token Pattern
  • Double Submit Cookies
Injections
  • SQL Injections
  • File path injections
Authentication & Authorisation
  • OAuth
  • OpenID Connect
  • Signed requests
  • Form based authentication
  • Securing the session

Day 2


Denial-of-Service (DoS) attacks
  • Network attacks
  • Application level attacks
  • Regular Expression attacks
  • XML DoS attacks
  • Decompression bombs
Password management
  • Secure password storage
  • Hashing
  • Salt and pepper
Information leakage
  • Error handling
  • Source control leaks
  • SQL Timing attacks
  • Login timing attacks
  • Response header leakage
  • Search engine leakage
  • Server leaks
Logging & monitoring
  • Logging
  • Monitoring
  • Knowing when the site is under attack
  • Honey pots
Attacking our site
  • How can we start hacking ourselves
  • Hacking tools
Penetration testing
  • Hack yourself

    Contact us

    Course manager

    Henning Solberg

    93 09 01 29

    henning@glasspaper.no


    Glasspaper has been named Microsoft Course Partner of the Year 2017 - this is the eighth year in a row we have received this award