Security of Web Applications – Developer Perspective
What you'll learn
- Security of web applications
- Concrete development paradigms
- Secure programming structures
- Secure development principles
Requirements
- Software development
- Web applications
Description
Understanding application security: Numerous successful attacks on well-known web applications make it into the relevant media every week. That is reason enough, when developing your own application, whether purely for internal use or with public access, to look into the background of "Web Application Security".
This course does not cover related topics such as secure (network) infrastructures, operating system security, patch management, firewall architectures, etc., but focuses exclusively on the application level, the central field of activity of a software developer:
Intro
Overview of Classified Vulnerabilities
Causes & Background
Secure Programming in General
Code/Command Injection in general
(No)SQL Code Injection
Cross-Site Request Forgery (CSRF)
Cross-Site Scripting (XSS)
Open Redirection
File Inclusion / Directory Traversal
Clickjacking
Session-Hijacking
Information Disclosure
Attacks on Weaknesses of Authentication
Denial of Service
Middleware
Third-Party Software
Conclusion & Summary
Who this course is for:
- Software developers
- Web developers
- IT project managers
Course content
- Preview 02:06
- 02:39 Overview of Classified Vulnerabilities
- 08:09 Causes & Background
- 03:34 Secure Programming in General
Instructor
Frank Hissen successfully studied Computer Science at Darmstadt University of Technology (Germany), focusing on IT security. For over 15 years, he has worked as an IT consultant and software engineer; for over 10 years, he has also worked in various positions as a security expert in IT development and consulting projects. He has mainly worked for large businesses but also for medium-sized companies.
He develops software and system architectures for complex systems and implements them or supervises the implementation. Moreover, he creates studies and function specifications.
In the area of IT security, Mr. Hissen specializes in applied and technical IT security. For major and smaller companies alike, he has developed and implemented security solutions and accompanied processes for secure product and software development.
In the area of cryptography and encryption, Mr. Hissen developed security solutions as Senior Solution Engineer at SECUDE before he became self-employed in 2009. Since then he has worked as a freelance expert in the area of web and cloud application security. He creates secure conceptual designs of system architectures and also takes care of their secure implementation and the corresponding security requirements. Another focus is the technical examination and validation of the actual implementation.
To date, Mr. Hissen has worked on various projects for, among others, Deutsche Telekom AG, SECUDE, Allianz AG, ITO Darmstadt UT and SAP Research.