Introduction
This intensive, two-day hands-on course builds upon the foundation established in the “Top 10 Web Threats” course. It delves deeper into the most critical web vulnerabilities, while also expanding the scope of threats explored.
Sharpen Your Skills Through Practical Exercises
- Live Attack Demonstrations: Witness real-world attack scenarios in action, gaining invaluable insights into attacker techniques.
- Vulnerability Detection and Exploitation Exercises: Actively participate in exercises that hone your ability to identify and exploit vulnerabilities.
- Code Review and Repair: Learn to identify and rectify weaknesses in code, putting your newfound knowledge into practice by fixing vulnerable code samples.
- Mitigation Tactics and Best Practices: Explore effective tactics and developer-specific best practices to mitigate threats and prevent vulnerabilities from creeping into your codebase.
- Secure Coding Discussions: Engage in discussions focused on writing secure code from the ground up, integrating security awareness into your daily development workflow.
Course Agenda
- Advanced SQL & NoSQL Injection
- Advanced XSS & HTML-only Injection
- Server-side request forgery
- XML Injection
- Advanced CSRF Examples & Labs
- OpenID & OAuth
- Integer security
- Basics of Secure Coding
Ideal for
Web front-end and back-end developers, software engineers and architects who have a good grasp of development processes but have had no specific training in security. Also appropriate for mobile developers working on hybrid and/or pure Web platforms.
Prerequisites
Required background includes the ESI CEE’s “Top 10 Web Threats” course or equivalent knowledge and skills. The course also requires a deep understanding of web technologies and strong programming skills.
Participants should bring a laptop/tablet device with a modern browser. A keyboard is not required but is highly recommended. A browser other than Google Chrome is required for some of the exercises (Reflected XSS).
Certification
Upon successful completion, attendees will receive a certificate from ESI CEE.
Enroll today and empower yourself to build secure and resilient systems!