Advanced Web Threats (6-7 July)

ESICEE Editor Avatar

The course intends to pick up where “Top 10 Web Threats” left off – namely to deepen the understanding of the top vulnerabilities and to broaden the scope of vulnerabilities that are discussed.

 

When: 6-7 July 2017
Where: Sofia, Bulgaria

 

This two-day course includes live demos of attacks, exercises in detecting and leveraging threats, examples of weak and vulnerable code and the process of repairing it and fixing vulnerabilities, mitigation tactics, developer-specific best practices and discussions on how not to write vulnerable code in the process of daily work. The course is mostly technical and not organizational.

 

In this advanced course, CyResLab has additionally included exercises in which participants in turn attempt to fix and attack particular implementations. A heavier focus is be placed on labs.

 

The “Advanced Web Threats” course includes free access to an interactive online exercise environment for one week, following the course’s completion.

 

Objective: To prepare developers for dealing with real-world sophisticated attacks, so they can properly design and code in order to deliver a resilient and secure product.

 

Course agenda:

  • Introduction
  • Advanced SQL & NoSQL Injection
  • Advanced XSS & HTML-only Injection
  • Server-side request forgery
  • XML Injection
  • Advanced CSRF Examples & Labs
  • OpenID & OAuth
  • Integer security
  • Basics of Secure Coding

 

Prerequisites: The course requires a deep understanding of web technologies and strong programming skills. Suggested background is the ESI CEE’s Cyber Resilience Lab (CyResLab) “Top 10 Web Threats” course, “Introduction to Practical Cryptography for IT specialists” course or equivalent knowledge.

 

Ideal for: Web front-end and back-end developers, software engineers and architects that have a good grasp on development processes but have had no specific training in security. Also appropriate for mobile developers working on hybrid and/or pure-Web platforms.

 

Instructor/s: Professionals from ESI CEE Cyber Resilience Lab (CyResLab), partner of Software Engineering Institute, Carnegie Mellon University.

 

Certificate: Upon successful completion of the course, attendees will receive a certificate from ESI CEE.

 

Confirm your interest to book your place or contact us for any questions concerning registration and further details at tina (at) esicenter (dot) bg or +359 883 421 983 – Christina Todorova

Skip to content