Web Application Security Basic

Learning objectives

The participants are aware of the OWASP TOP 10 vulnerabilities and the corresponding countermeasures. They can estimate the risks behind each weakness and the effects an exploited weakness has on the application, the underlying system and the user. Every attack covered, such as SQL Injection, XSS, XSRF and Authorization Bypass, is presented as theoretical content together with laboratory exercises. In addition, the capability for self-assessment and the important foundations of HTTP/HTTPS are taught.

The exercises will be done on www.hacking-lab.com. Following the course, the lab environment is available to the participants for another month.

Demarcation: The course is focused on the web layer. Nessus, Nmap and vulnerability scanning are not included in this course. In addition, the course is intended as the foundation for the Web Application Security Advanced seminar, which covers Web 2.0, HTML5, advanced JavaScript, AngularJS, cross-domain access and authentication frameworks.

Highlights

  • Introduction to HTTP/S, cookies, sessions
  • Legal boundary conditions
  • OWASP TOP 10
  • Tool Introduction: HTTP/S recording and analysis
  • Authentication & Authorization Bypass
  • Session Handling
  • Stored/Reflected Cross-Site Scripting (XSS)
  • SQL Injection
  • Input & Output Validation
  • Web Application Firewall
  • Cross-Site Request Forgery (XSRF)
  • URL Redirection Attacks
  • Security Misconfiguration

Target group

  • Security Officers
  • Web Developers

Prerequisite

  • Familiarity with the Linux command line
  • Basic knowledge of the HTTP protocol
  • Fundamental knowledge of the components of a web application
  • Programming skills are an advantage
