• IT security with CERT
• Reports & Downloads
• Training
  • Web Application Security
  • IT Forensics
• Contact

Web Application Security

This course deals with vulnerabilities and programming errors in the web environment. As a participant, you will gain an overview of key web technologies and the way they work. You take on the role of an attacker yourself, thus learning how attackers proceed and the tricks that they employ. Finally, we show you how you can avoid vulnerabilities of this type.

Target group
Web administrators, web developers, web programmers, web designers, web officers, IT security officers, members of security teams (CERT, CSIRT) and technically interested individuals wishing to learn more about security issues in the web environment.

Requirements
In order to be able to follow the course, participants should have a basic understanding of HTTP and HTML. Knowledge of additional topics, such as SQL, DOM or JavaScript is an advantage but is not a condition of participation. The course is primarily made up of hands-on exercises. Code examples (HTML, SQL, JavaScript etc.) will be provided for the different exercises. Participants should be in a position to adapt these examples and carry out their own attacks.

Course content and objectives
Participants:

• are familiar with the most common vulnerabilities in the web environment.
• understand how attackers proceed and which methods and tools are used.
• learn to use these methods and tools themselves.
• are familiar with the countermeasures for protecting their own web applications.

Key concepts
Client-Server models, HTML, HTTP(Protocol, Sessions, Splitting, Security Audit Proxies), DOM, CSS, Javascript, Java, String manipulation, AAA, Presentation layer insecurity, Path traversal, XSS, CSRF/XSFR, Injection(SQL, XML, Log, Path), Thread safety, Concurrency,  DoS, AJAX(Injection, JSON, XML, DOM), Web application pen-testing, Coding mistakes and bad practices.

Cost
CHF 2250 including VAT and course material. We will provide laptops for the hands-on exercises. Catering is included in the price of the course. After completing the course, you will be issued with a confirmation of your participation.

Date of next course
Currently at the planning stage.

Contact
Have you any questions? Would you like to hold this course on your company premises? Contact us by e-mail at training@switch.ch or by phone on +41 44 268 1540.
 

Register now and choose a date