Web Security Fundamentals: Session 1 of 4 sessions
Briefly about the teaching in Session 1: Today's internet is a rough place. Bots, spies, state actors, criminals and other hostile parties constantly scan the web for vulnerable applications to attack. Every developer therefore needs the skills to protect their applications. In this hands-on course you will learn the fundamentals of how the web works, how attacks are carried out and how to defend against them. It goes beyond the OWASP Top 10 and gives many concrete examples of how things go wrong and how to protect your applications.
The course is continuously updated as new vulnerabilities and best practices emerge.
Content
● Introduction
● Character encoding
● HTTPS
● Certificates
● XSS - Part 1
● XSS - Part 2
● CSP - Part 1
● CSP - Part 2
● CSRF
● Securing our cookies
● SameSite cookies
● Securing the session
● And much more…
Audience:
This course targets developers on all platforms, including .NET, Java, and PHP.
Prerequisites
You should have basic web development experience, including HTML, CSS and JavaScript.
After the course, the participant can:
Apply a thorough understanding of web security: identify and defend against common threats such as XSS and CSRF, and build robust protection into web applications.
Instructor
Tore Nestenius is an independent software consultant and trainer based in Helsingborg, Sweden. For the last 10 years he has been training developers around the world in software architecture, web security, OpenID Connect, C#/.NET and domain-driven design. When he is not teaching, he mentors and coaches developer teams across Europe.
- You must register for each session separately.
- The webinar will not be recorded or shared.
- The link will be sent the day before each session.
Session 1 – Tuesday 6 OCT at 17-20
This session lays the foundation by explaining how the web works and why security is critical in today's threat landscape. It introduces key risks such as social engineering and highlights the importance of protecting user data. You will see how character encoding and Unicode can introduce subtle vulnerabilities when handled incorrectly, for example when input is validated before it is normalized. The session then moves on to HTTP and HTTPS, explaining how a secure channel is established. By the end, participants will understand how data travels across the web and where it can be exposed.
Session 2 – Tuesday 20 OCT at 17-20
This session focuses on securing communication with certificates and understanding trust on the web. Participants will learn how certificate authorities work, how certificates are managed, and how to avoid common pitfalls. The session then dives into Cross-Site Scripting (XSS), one of the most common and dangerous web vulnerabilities. Through practical examples you will see how XSS attacks are performed and how improper handling of untrusted data leads to exploitation. The session emphasizes defensive techniques such as proper data validation and context-aware output encoding.
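As an added illustration of two points above, the Unicode-handling pitfall from Session 1 and output encoding from Session 2, the following JavaScript (example code written for this page, not material from the course) shows why validation must run on normalized input, and why untrusted data is made safe by encoding it for the HTML context it is written into rather than by filtering it on the way in. The function names, the filter regex and the payload strings are all constructed for the example.

```javascript
// Added example (not the course's own code): Unicode normalization order and
// HTML output encoding as one pipeline. Runs on Node.js with no dependencies.

// --- Input side: canonicalize before validating -------------------------
// A naive filter that rejects the characters an HTML injection would need.
function looksSafeForHtml(s) {
  return !/[<>"'&]/.test(s);
}

// Bug: validate the raw string, normalize later. NFKC maps U+FF1C FULLWIDTH
// LESS-THAN SIGN to ASCII '<', so the string that passed the filter is not
// the string the rest of the application ends up using.
function acceptValidateThenNormalize(input) {
  if (!looksSafeForHtml(input)) return null;
  return input.normalize('NFKC');
}

// Fix: normalize first so validation sees what everything downstream sees.
function acceptNormalizeThenValidate(input) {
  const canonical = input.normalize('NFKC');
  return looksSafeForHtml(canonical) ? canonical : null;
}

// --- Output side: encode for the context you write into ------------------
// Deliberately vulnerable: untrusted data concatenated straight into HTML.
function renderGreetingUnsafe(name) {
  return `<p>Hello, ${name}!</p>`;
}

// Entity-encode the characters that change meaning in an HTML text node or a
// quoted attribute value. Encoding happens at output time, so the stored value
// stays intact and can be encoded differently for other contexts (JSON, URL).
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function renderGreetingSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// Attribute context: the attribute must also be quoted; otherwise a space in
// the input starts a new attribute even though the characters above are encoded.
function renderAvatarSafe(title) {
  return `<img src="/avatar.png" alt="${escapeHtml(title)}">`;
}

// Constructed payloads for the demonstration.
const FULLWIDTH_PAYLOAD = '\uFF1Cscript\uFF1Ealert(1)\uFF1C/script\uFF1E';
const TEXT_PAYLOAD = '<script>alert(document.cookie)</script>';
const ATTR_PAYLOAD = '" onerror="alert(1)';

function demo() {
  return {
    // Filter bypassed: fullwidth brackets become real tags after the check.
    filterBypassed: acceptValidateThenNormalize(FULLWIDTH_PAYLOAD),
    // Same input, normalized first: rejected.
    filterHeld: acceptNormalizeThenValidate(FULLWIDTH_PAYLOAD),
    unsafe: renderGreetingUnsafe(TEXT_PAYLOAD),
    safe: renderGreetingSafe(TEXT_PAYLOAD),
    attr: renderAvatarSafe(ATTR_PAYLOAD),
  };
}

console.log(demo());
```

The input-side filter is kept only to show the ordering bug; the output-side encoder is what actually neutralizes the payload, and it has to be chosen per context (an HTML entity encoder does not protect a JavaScript string or a URL parameter).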
Session 3 – Thursday 12 NOV at 17-20
This session explores browser-side protections using Content Security Policy (CSP). You will learn how to design, implement and deploy a CSP that reduces the impact of client-side attacks. The session then covers Cross-Site Request Forgery (CSRF), explaining how an attacker abuses a victim's logged-in session because the browser attaches cookies to cross-site requests automatically. Practical mitigations such as anti-CSRF tokens and secure cookie handling are demonstrated.
Session 4 – Thursday 19 NOV at 17-20
This session focuses on protecting session integrity and securing cookies in modern web applications. You will learn how the cookie attributes HttpOnly (keeps the cookie out of reach of script), Secure (sends it only over HTTPS) and SameSite (limits when the browser attaches it to cross-site requests) help prevent common attacks. The session also explores how attackers attempt to hijack sessions and how to detect suspicious behavior. Techniques such as fingerprinting and multi-factor authentication are introduced to strengthen session security. By the end, participants will understand how to maintain secure user sessions in real-world environments.
The agenda per session is the following:
Session #1
1 - Introduction
2 - Character encoding
3 - HTTPS
Session #2
4 - Certificates
5 - XSS - Part 1
6 - XSS - Part 2
Session #3
7 - CSP-Part 1
8 - CSP-Part 2
9 - CSRF
Session #4
10 - Securing our cookies
11 - SameSite cookies
14 - Securing the session