Secure Programming of Web Applications - Developers and TPMs online course

Understand Application Security: Numerous successful attacks on well-known web applications on a weekly basis should be reason enough to study the background of "Web Application Security" of custom-made or self-developed applications.

Computer systems are ubiquitous and part of our working and private everyday life. For companies it is increasingly complex and difficult to keep up their IT security with the current technical progress. Large enterprises establish security processes which are created according to industry standards (e.g., ISO 27001). These processes are very complex and can only be implemented by teams of security experts. Constant quality assurance, maintenance and adaptation also belong to an IT security process.

It does not matter if a company develops products or runs an online shop, IT security is a characteristic feature. Security incidents, which maybe even reach public uncontrolled, do not only damage the business image but may also lead to legal or financial consequences.

• Intro

• Typical Vulnerabilities Overview

• Cause & Background

• Secure Programming in general

• Code/Command Injection in general

• (No)SQL Code Injection

• Cross-Site Request Forgery (CSRF)

• Cross-Site Scripting (XSS)

• Open Redirection

• File Inclusion / Directory Traversal

• Clickjacking

• Session-Hijacking

• Information Disclosure

• Attacks on Weaknesses of the Authentication

• Denial of Service

• Middleware

• Third-Party Software

• Summary and Conclusion

The principles taught in this course are language and platform independent. However, the course will include examples for Java and PHP.