Practical Web Security Overview
Course Length: 1 Day
The course gives an overview of the applicable security solutions in web applications, focusing on the most important technologies like Web Services, and tackling both transport-layer security and end-to-end security solutions. The most severe security threats of web-based technologies, including injection-related flaws, Cross-Site Scripting, Cross-Site Request Forgery, some other input validation-related bugs, improper use of cryptographic features, and many more, are introduced through a number of hands-on exercises, prepared in a plug-and-play manner using a preset VMware virtual machine.
Students will need to bring a laptop with VMware.
Skill: Intermediate, Advanced
- The objective of the course is to provide essential security skills not just for security engineers but also for all programmers, software architects, analysts, testers and reviewers.
- The course raises attendees' awareness of practical security problems by demonstrating the dangers of exploitable vulnerabilities and by giving insight into the organized underground, spam distribution, phishing, botnets and all threats that are built on the exploitation of those implementation flaws.
- Attendees learn how to avoid these dangers, how to write secure code, how to apply architectural techniques and use applicable security services to increase the quality and security of software products in a cost-effective way.
Instructor: Zoltán Hornák. The owner and managing director of SEARCH-LAB, Zoltán completed his degree at the Technical University of Budapest. He spent eight years in the anti-virus industry as the development director of VirusBuster, and then worked as a security consultant. He established SEARCH Laboratory and launched two spin-off companies. He has led numerous R&D projects and product security audits for market-leading ICT companies. He is a lecturer at the Budapest University of Economics and Technology and gives secure coding courses worldwide. He is a CISA, a member of the ISACA, the SAFECode and the John von Neumann Computer Society.