IT Security for Developers IT Security for Developers

IT Security for Developers

Awareness and Secure Development of Web Applications

Trainers: Stefan Middendorf, Joshua Tiago

In order to make developers aware of vulnerabilities in web applications and to show important countermeasures, we offer our customers a special training on this topic. It includes elements of our “Hacking Extreme Web Applications” training and an additional workshop on secure development. 

It is typically a three-day training. During the first two days, we deal with selected topics from our “Hacking Extreme Web Applications” training to show how attackers think and what techniques they use. 

On day three, based on the Application Security Verification Standard (ASVS) of the Open Web Application Security Project (OWASP), we introduce the most important measures to be taken into account during the design and development of applications to prevent the vulnerabilities we talked about.

Topics of this training include:

  • Security measures at the design and architectural level
  • Input validation (blacklisting, whitelisting)
  • Securing upload functionalities
  • Treatment of output and measures against cross-site scripting vulnerabilities
  • Secure database access (secure login and prevention of SQL injection vulnerabilities)
  • Measures against cross-site request forgery (CSRF)
  • Prevention of errors in authentication and authorization
  • Measures for secure session handling
  • Secure use of encryption
  • Secure development of AJAX functions and web services
  • Use of security measures on the browser side
  • Error handling 

Moreover, in this context we can also address your individual questions concerning the secure development on the platforms used in your company and discuss your source-code examples. Essential measures for the hardening of web and application servers can be discussed on request.  

Please contact us. We would be happy to make you an offer tailored to your needs and to the topics you are interested in.   

Target group
Developers, architects and security experts  

Duration
By arrangement, typically 2-3 days  

Price
By arrangement

Your trainers

Stefan Middendorf

Joschua Tiago

Benjamin Häublein