Secure Programming of Web Applications - Developers and TPMs
What you'll learn
- Security of Web Applications
- Secure Programming Patterns
- Security Baselines
Requirements
- Web Application Knowledge is a plus
- Being a Developer
Description
Understand Application Security: Well-known web applications are successfully attacked every week. That alone should be reason enough to study the background of "Web Application Security" for custom-made or self-developed applications.
Computer systems are ubiquitous and part of our everyday working and private lives. For companies, it is increasingly complex and difficult to keep their IT security in step with current technical progress. Large enterprises establish security processes that follow industry standards (e.g., ISO 27001). These processes are very complex and can only be implemented by teams of security experts. Constant quality assurance, maintenance and adaptation also belong to an IT security process.
Whether a company develops products or runs an online shop, IT security is a characteristic feature. Security incidents, which may even become public in an uncontrolled way, not only damage the company's image but may also lead to legal or financial consequences.
Intro
Typical Vulnerabilities Overview
Cause & Background
Secure Programming in general
Code/Command Injection in general
(No)SQL Code Injection
Cross-Site Request Forgery (CSRF)
Cross-Site Scripting (XSS)
Open Redirection
File Inclusion / Directory Traversal
Clickjacking
Session-Hijacking
Information Disclosure
Attacks on Weaknesses of the Authentication
Denial of Service
Middleware
Third-Party Software
Summary and Conclusion
Furthermore, all students can download the course material as an ebook (PDF), which is otherwise only available separately. It is found in the section 2 material.
Who this course is for:
- Software Developer
- Web Developer
Instructor
Frank Hissen successfully studied Computer Science at Darmstadt University of Technology (Germany), focusing on IT security. For over 20 years, he has worked as an IT consultant and software engineer; for over 15 years, he has also worked in various positions as a security expert in IT development and consulting projects. He has mainly worked for large businesses, but also for medium-sized companies.
He develops software and system architectures for complex systems and implements them or supervises the implementation. Moreover, he creates studies and functional specifications.
In the area of IT security, Mr. Hissen specializes in applied and technical IT security. For both major and smaller companies, he has developed and implemented security solutions and supported processes for secure product and software development.
In the area of cryptography and encryption, Mr. Hissen developed security solutions as a Senior Solution Engineer at SECUDE before he became self-employed in 2009. Since then, he has worked as a freelance expert in the area of web and cloud application security. He creates secure conceptual designs of system architectures and also takes care of their secure implementation and the corresponding security requirements. Another focus is the technical examination and validation of the actual implementation.
To date, Mr. Hissen has worked on various projects for, among others, Deutsche Telekom AG, SECUDE, Allianz AG, ITO Darmstadt UT and SAP Research.