Security in Web Applications Advanced
During this training, web developers will learn about the most common threats to web applications and what countermeasures can be taken. The open source project OWASP Juice Shop is used as an example application with vulnerabilities.
The concepts learned can be applied to any programming language and architecture.
After completing the course, participants will know the importance of web security for companies and organizations. They will acquire basic theoretical knowledge and methodological knowledge based on this knowledge in order to be able to carry out a (simple) risk assessment of web applications and to be able to offer approaches for securing them. You will gain an understanding of the interplay between the software development process and security.
- Brief introduction to web basics
- Basics of IT security
- Threats oriented on the OWASP Top Ten
- Security in a service-oriented world, oriented on the OWASP API Security Top 10
- Docker security for developers
- Mobile Security
- Security in the development lifecycle
- In the last three hours, participants will put their acquired knowledge to the test in a Capture the Flag / Tournament
Exercises consist of an attack part, where the threat is first learned through hands-on sample, and a defense part, where measures to reduce or defend against the threat presented or implemented.
All developers who have been involved in web application development for at least two years and for whom the following do not raise any question marks: HTML, HTTP, SQL, browsers.
Learning by doing is one of the most important paradigms. More about the training methodology here.
Timo Pagel incorporates his knowledge from over 20 years in operations and development into his trainings. As a DevSecOps consultant, he not only advises at the strategic level but also lends a hand.