Web development courses in HTML5, CSS3, JavaScript, jQuery, ASP.NET & MVC!


Web Security for Developers

Course fee: kr 13 900 | Duration: 2 days

Description:

The web is a great software delivery platform, making your software available to users around the world with zero installation and easily deployed updates. Unfortunately, it also exposes you to an army of adversaries - some human, some bot - who have darker goals: to cause loss to your data or reputation, subvert your resources for their own gain or attack your user base.

This course helps you to develop a security-oriented mindset. It explores the way the web works, so you have a way to understand how various vulnerabilities arise. Then, with those foundations laid, it covers a range of common and less common vulnerabilities, how an attack based on them would be constructed, and how you can recognize and defend against them.

Target audience:

This course is aimed at web developers.


Prerequisites:

You should have basic web development experience.


About the instructor
Tore Nestenius has worked as a consultant since 1997. He is a very knowledgeable system developer and has previously worked for large companies such as Ericsson and Flextronics. Early in his career, he started Programmers Heaven, a portal with over 750 000 monthly users. He is behind several other successful projects, such as CodePedia (a wiki for developers), the open source project TNValidate, and the C# School e-book with over 100 000 downloads.


Contents:

Day 1


Introduction
  • The reality
  • What might an attacker want?
  • Social Engineering
HTTPS
  • Man-in-the-middle attacks
  • Certificates
  • Certificate pinning
  • Securing cookies
  • HTTP Strict Transport Security header
Encoding
  • Character encoding
  • Unicode
  • Encoding
Cross Site Scripting
  • Stored XSS
  • Reflected XSS
  • DOM Based XSS
  • XSS Preventions
Content Security Policy
  • Headers and directives
  • CSP Reporting
Cross site request forgery (CSRF)
  • CSRF Prevention
  • Synchronizer Token Pattern
  • Double Submit Cookies
Injections
  • SQL Injections
  • File path injections
Authentication & Authorisation
  • OAuth
  • OpenID Connect
  • Signed requests
  • Form based authentication
  • Securing the session

Day 2


Denial-of-Service (DoS) attacks
  • Network attacks
  • Application level attacks
  • Regular Expression attacks
  • XML DoS attacks
  • Decompression bombs
Password management
  • Secure password storage
  • Hashing
  • Salt and pepper
Information leakage
  • Error handling
  • Source control leaks
  • SQL Timing attacks
  • Login timing attacks
  • Response header leakage
  • Search engine leakage
  • Server leaks
Logging & monitoring
  • Logging
  • Monitoring
  • Knowing when the site is under attack
  • Honey pots
Attacking our site
  • How can we start hacking ourselves
  • Hacking tools
Penetration testing
  • Hack yourself


Contact us

Course coordinator

Henning Solberg

93 09 01 29

henning@glasspaper.no


Glasspaper was named Microsoft Course Partner of the Year 2017 - this is the eighth year in a row we have received this honour