- Learning by doing
- Trainers with practical experience
- Classroom training
- Detailed course material
- Clear content description
- Tailor-made content possible
- Training that proceeds
- Small groups

Security is a hot item. You cannot open a newspaper without reading that a new vulnerability or cyber attack has been found. Users and applications are subject to many risks. Given the interests involved, it is evident that developers must be well aware of the dangers of insufficient security. SpiralTrain therefore provides various classroom security training courses about security risks and what you can do about them. Visit our LinkedIn, Facebook or Instagram page for an impression of SpiralTrain. Click on the links below for more information about the courses and the schedule.
SSL stands for Secure Sockets Layer. TLS, or Transport Layer Security, is an adapted, even more secure form of SSL. Because the term SSL is more established, we still talk about SSL. SSL is the industry-standard technology for keeping an Internet connection secure and protecting sensitive data sent between two systems, preventing criminals from reading and modifying the information transferred. Typically an SSL certificate is installed on a server, which allows a browser to recognize that the server is reliable and capable of establishing a secure connection over HTTPS. SSL also has client certificates, with which a server can recognize that a client can be trusted. Client certificates are typically installed in the browser.
Cross-site scripting (XSS) is a common security attack that injects malicious code into a vulnerable web application. XSS differs from other security attacks such as SQL injection in that it is not aimed directly at the application itself. Instead, the users of the web application are at risk. Depending on the severity of the attack, accounts could be compromised, Trojans activated or content altered. Users can thus be tricked into handing over private information. Stealing session cookies is also possible.
Cross-Site Request Forgery (CSRF) is an attack that leads an end user to perform unwanted actions on the web application they are currently logged into. With the help of social engineering, such as sending a link via email, an attacker can trick the users of a web application into performing actions the attacker has chosen. A successful CSRF attack can lead to a money transfer or email address change.
SQL Injection is a web security vulnerability that allows an attacker to alter the queries an application sends to the database. SQL Injection allows an attacker to view data that they normally would not be able to see. In many cases an attacker can then alter or delete this data, causing permanent changes to the content or behavior of the application.