Web Application Security

Duration: 2 days

Requirements: basic software development know-how

Description:

This course is addressed to (mainly web) application developers and project managers with development experience. You will learn more advanced techniques to detect more complex vulnerabilities in your applications. The countermeasures for developers are explained, as well as the necessary processes in the application development lifecycle.

Content:

  • Introduction
  • How to break web applications
  • Practical demonstration of known vulnerabilities
  • How to identify vulnerabilities (pentesting web apps)
  • How to design complex web applications
  • Planning for security mechanisms
  • Secure authentication
  • Security Application Lifecycle
  • Application security as a business process
  • How to write secure code
  • Input & output validation/testing
  • Basics of regular expressions
  • How to secure applications, with practical examples
  • Information gathering
  • Recommended readings and Web Links

Maximum number of participants: 8

