Learning by doing
Trainers with practical experience
Detailed course material
Clear content description
Tailormade content possible
Training that goes ahead
The Web Application Security course discusses the most common security risks in web applications and how they can be tackled. At a time when attacks on applications are on the rise, it is vital for developers to be aware of the types of threats and of how applications can be protected against them.
The course starts with a discussion of the most common security issues as identified in the Open Web Application Security Project (OWASP). This includes the risks of vulnerabilities in libraries, the importance of minimizing the attack surface of an application and vulnerabilities in authentication control.
Attention is also paid to SQL Injection, where an attacker places malicious code in SQL statements. SQL Injection is usually caused by unchecked user input being used to build SQL statements. The consequences of SQL Injection can be serious, such as data corruption, data theft or data destruction.
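As an added illustration of the point above, and not part of the course material, the following constructed Python/sqlite3 example contrasts a dynamically built query with a parameterized one, and shows allow-list validation for a sort column, which cannot be bound as a parameter. The table, rows and function names are made up for the example.

```python
import sqlite3


def setup_db():
    # Constructed in-memory sample database for the demonstration
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def find_user_dynamic(conn, name):
    # Vulnerable: unchecked input is concatenated into the SQL text,
    # so a crafted value changes the structure of the statement.
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_parameterized(conn, name):
    # Safe: the value is passed separately from the SQL text and can
    # never be interpreted as part of the statement.
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Identifiers such as column names cannot be bound as parameters,
# so they must be checked against an allow-list before use.
ALLOWED_SORT_COLUMNS = {"name", "email"}


def list_users_sorted(conn, column):
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unsupported sort column: %r" % column)
    sql = "SELECT name, email FROM users ORDER BY " + column
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = setup_db()
    probe = "' OR '1'='1"  # constructed test input, not a valid user name
    print("dynamic:      ", find_user_dynamic(db, probe))       # every row
    print("parameterized:", find_user_parameterized(db, probe)) # no rows
    print("sorted:       ", list_users_sorted(db, "email"))
```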
Next up in the course is the discussion of CSRF. Attention is paid to how a CSRF attack causes a browser to execute unwanted commands on behalf of a user whom the web application trusts. Specially crafted image tags or hidden forms are often used for this.
Session Hijacking is on the course program as well. In Session Hijacking the attacker manages to obtain a session ID, via sniffing techniques or XSS, and then exploits it.
Finally, the course Web Application Security discusses securing web applications by means of SSL or TLS. An encrypted communication channel then ensures that data can be transported securely, and digital certificates provide authentication.
The course Web Application Security is intended for web developers who want to learn how to protect web applications against the many security risks.
The course Web Application Security has a hands-on character. The theory is treated on the basis of presentation slides and alternates with practical exercises. The course material is in English. Course times are from 9.30 to 16.30.
After successful completion of the training the participants receive an official certificate Web Application Security.
Module 1 : Intro Security
  Top 10 OWASP Risks
  Sensitive Data Exposure
  Under Protected APIs
  Coding for Security
Module 2 : Cross Site Scripting
  HTML Entity Encoding
  XSS Prevention Rules
  Prevent Untrusted Data
  HTML Encode JSON
  Sanitize HTML Markup
Module 3 : SQL Injection
  SQL Injection Exploits
  Preventing SQL Injection
  Avoiding Dynamic Queries
  Allow-List Input Validation
  Escaping User Input
  Enforcing Least Privilege
  Blind SQL Injection
Module 4 : Cross-Site Request Forgery
  Stored CSRF Flaws
  IMG or IFRAME Tags
  Only Accept POST
  Same Origin Policy
  Check Referrer Header
Module 5 : Session Hijacking
  Man in the Middle
  Hijack TCP-IP Session
Module 6 : SSL Certificates
  SSL and TLS
  Public and Private Keys
All our courses are classroom courses in which the students are guided through the material by an experienced trainer with in-depth knowledge of the subject matter. Theory is always interspersed with exercises.
We also do custom classes, in which we adjust the course content to your wishes. On request we will also discuss your practical cases.
The course times are from 9.30 to 16.30. But we are flexible in this. Sometimes people have to bring children to the daycare and other times are more convenient for them. In good consultation we can then agree on different course times.
We take care of the computers on which the course can be held. The software required for the course has already been installed on these computers. You do not have to bring a laptop to participate in the course. If you prefer to work on your own laptop, you can take it with you if you wish. The required software is then installed at the start of the course.
Our courses are generally given with Open Source software such as Eclipse, IntelliJ, Tomcat, Pycharm, Anaconda and Netbeans. You will receive the digital course material to take home after the course.
The course includes lunch, which is taken at a restaurant within walking distance of the course room.
The courses are planned at various places in the country. A course takes place at a location if at least 3 people register for that location. If there are registrations for different locations, the course will take place at our main location, Houten, which is just south of Utrecht. A course at our main location also takes place with 2 registrations and regularly with 1 registration. We also give courses at the customer’s location if they prefer that.
At the end of each course, participants are requested to evaluate the course in terms of course content, course material, trainer and location. The evaluation form can be found at https://www.klantenvertellen.nl/reviews/1039545/spiraltrain?lang=en. The evaluations of previous participants and previous courses can also be found there.
The intellectual property rights of the published course content, also referred to as an information sheet, belong to SpiralTrain. It is not allowed to publish the course information, the information sheet, in written or digital form without the explicit permission of SpiralTrain. The course content is to be understood as the description of the course content in sentences as well as the division of the course into modules and topics in the modules.