Web Application Security Basic

Learning objectives

Participants are aware of the OWASP TOP 10 vulnerabilities and the corresponding countermeasures. They can estimate the risks underlying each weakness and the effects it can have on an application, the underlying system and the user. For every attack, such as SQL Injection, XSS, XSRF and Authorization Bypass, there is theoretical content as well as laboratory exercises. In addition, the capability for self-assessment and the essential foundations of HTTP/HTTPS are taught.

The exercises will be done on www.hacking-lab.com. Following the course, the lab environment is available to the participants for another month.

Demarcation: The course is focused on the web layer. Nessus, Nmap and vulnerability scanning are not included in this course. In addition, the course is intended as the foundation for the Web Application Security Advanced seminar, which covers Web 2.0, HTML5, Advanced JavaScript, AngularJS, cross-domain access and authentication frameworks.

Highlights

  • Introduction to HTTP/S, cookies, sessions
  • Legal boundary conditions
  • OWASP TOP 10
  • Tool Introduction: HTTP/S recording and analysis
  • Authentication & Authorization Bypass
  • Session Handling
  • Stored/Reflected Cross-Site Scripting (XSS)
  • SQL Injection
  • Input & Output Validation
  • Web Application Firewall
  • Cross-Site Request Forgery (XSRF)
  • URL Redirection Attacks
  • Security Misconfiguration

Target group

  • Security Officers
  • Web Developers

Prerequisites

  • Familiarity with the Linux command line
  • Basic knowledge of the HTTP protocol
  • Fundamental knowledge of the components of a web application
  • Programming skills are an advantage
