Security awareness for Web developers
dartalis proposes a course based on the well-known Open Web Application Security Project (OWASP) which is a worldwide free and open community focused on improving the security of application software. Additionally, concrete attacks will be analyzed during workshops to show what really happens and how it can be prevented. For more in-depth security knowledge on a specific development language, dartalis also offers a Secure Development Course.
Web Developers and project managers who are involved in development project.
- Introduction and Information Security : Introduces information security, its main concepts and why it is important
- OWASP in a nutshell : Provides insight about OWASP and its main subprojects
- What are Web Applications : Introduces web applications, technologies and frameworks that are used
- Secure Design Principles : Outlines security principles that should be observed by any developer
- Authentication : Exposes the different authentication methods and the risks that they introduce
- Cryptography : Explains the different cryptography families that exist, how they can be used and for what purpose
- Phishing, scamming, pharming, worms and malware : Introduces developers to these attack vectors
- SQL injections : Provides an in-depth analysis of this well-known type of attack
- XSS, XSSI, and XSRF injections : Analyses the concepts behind these recent attacks
- Client State validation : Describes the common pitfalls of session handling
- Buffer overflows : Analyses the concepts behind such attacks
- Error Handling : Describes the best practices in error handling
- Framework considerations : Elaborate J2EE and/or .NET security considerations and tips
The dartalis consultants who will hold the course have a thorough understanding of the different attacks and security principles described during the class. They can obviously elaborate and go in-depth if a topic is of particular interest to the participant
Participants should have a good understanding about Windows and Unix/Linux along with knowledge of TCP/IP and Networking.
Duration: 2 Days