The objective of the Security for Developers course is to help you learn to master the (ethical) hacking techniques and methodology that are used in penetrating systems. The course is designed for IT enthusiasts, network and systems engineers, and security officers.
To protect yourself from hackers, you need to think like a hacker.
This training is based on a practical approach to everyday situations and contains labs based on real environments. Target virtual machines are provided for the demos and labs.
Below are the main topics, both theoretical and practical, of this course:
Basic Issues (Causes, Defenses)
Web technologies (HTTP Protocol, Web Functionality, Encoding)
Mapping (Spidering and Analysing)
Authentication attack (technologies, flaws, fixes, brute force)
Attacking session management (State, Tokens, Flaws)
Attacking access controls (common vulnerabilities, attacks)
Attacking data warehouses (SQL Injection, Bypassing Filters, Escalation)
Bypassing Client-Side Controls (Browser Interception, HTML interception, Fixes)
Attacking the Server (OS Command Injection, Path Traversal, Mail Injection, File Upload)
Attacking Application Logic
Cross Site Scripting
Attacking users (CSRF, ClickJacking, HTML Injection)
Demonstrations:
Spidering, Website Analyzer
Brute-Force
Session Hijacking via Man-in-the-Middle
Get Gmail or Facebook Passwords via SSLStrip
SQL Injection
Upload File and Remote Execution
Cross-Site Scripting (Stored + Reflected, Preventing XSS)
CSRF (changing a password through a CSRF vulnerability, preventing CSRF)
Mostly developers and software architects, but equally useful for system administrators, technical managers and CISOs.
- Develop "out-of-the-box" thinking
- See security from an offensive perspective
- Learn security best practices and (most and least) common attacks
- Learn how to protect your applications and infrastructure
- Learn secure coding concepts
Knowledge of secure coding concepts
Overview of Web Penetration Testing
OWASP Top Ten Web Vulnerabilities
Technical measures and best practices
OWASP Top 10 Mobile Vulnerabilities
HTTP Security Headers
JSON Web Tokens
Secure coding – OWASP Application Security Verification Standard (ASVS)
Vulnerabilities of lesser-known web applications
Threat modeling (optional)
Certified Ethical Hacker
Security for Developers