Web Security Fundamentals – 1 of 4 sessions

This course is for developers on any platform, including .NET, Java, Node.js, and PHP.

Briefly about the teaching
Today’s internet is a very rough place, with robots, spies, states, hackers, and other evil entities constantly roaming around the web looking for vulnerable web applications to attack. Because of this, it is very important that every developer has the necessary skills to protect their applications.

In this four-part hands-on course, you will learn the fundamentals of how the web works, how to protect your applications, and how attacks are performed. It goes beyond the OWASP Top 10 and gives you many concrete examples of how to fail and how to protect your applications.

By the end of the course, you’ll understand how to identify and defend against common web security threats like XSS, CSRF, and more.
Security is a large subject, and instead of briefly touching on everything, we’ve chosen a few key areas where we can take the time to go a bit deeper.

What to expect from this course
This course is structured as a four-part series, covering about three chapters each evening. Each chapter starts with a presentation and live demonstration of key concepts by the instructor. After that, you’ll get a fixed amount of time to work on exercises that help reinforce what you’ve learned.

Because the schedule is tight, we can only spend a set amount of time on each exercise. If you don’t finish during class, you’ll have the chance to complete the remaining exercises on your own afterward. During the course, you’ll also have access to a private chat channel where you can ask questions both during and between the sessions.

Important
The sessions build on each other. You should attend from the start, as the instructor won’t be able to provide support for missed sessions.

Prerequisites
You should have basic experience with web development, including HTTP, HTML, CSS, and JavaScript. To complete the exercises, you need to be able to install Fiddler Classic on a Windows machine. If you're on macOS or Linux, you can use Fiddler Everywhere instead. Both versions are available at getfiddler.com. Installing the tool is part of the course exercises.

After the course, the participant will have a good fundamental understanding of web application security and be capable of identifying and defending against common security threats such as XSS, CSRF, and other attacks.

Instructor
Tore Nestenius is an independent software consultant and trainer based in Helsingborg, Sweden. For over 15 years, he has taught developers worldwide in software architecture, web security, OpenID Connect, C#/.NET, and Azure. He is also a Microsoft .NET MVP.

Across the four sessions, we’ll cover these topics:

Session #1 - Thursday 30 October 17-20
● Introduction
● Encoding
● HTTPS

Session #2 - Thursday 13 November 17-20
● Certificates
● Cross-Site Scripting (XSS) - Part 1
● Cross-Site Scripting (XSS) - Part 2

Session #3 - Thursday 20 November 17-20
● Content Security Policy (CSP) - Part 1
● Content Security Policy (CSP) - Part 2
● CSRF

Session #4 - Thursday 27 November 17-20
● Securing our cookies
● SameSite cookies
● Securing the session
● And much more

Dates: Thursdays 30.10, 13.11, 20.11, 27.11
Place: Online. Link will be sent by mail on the day of the session.
