The participants will expand their basic knowledge of web application security topics. They gain an understanding of the additional risks of modern web technologies, the meaning of the Same Origin Policy and also Cross Domain subjects. In addition, the participants will have a closer look at some of the modern authorization and authentication frameworks, which are used nowadays to build single-sign-on solutions.
The exercises will be done on www.hacking-lab.com. Following the course, the lab environment is available to the participants for another monthups.
Demarcation: The course is focussed on the web layer. Nessus, Nmap and Vulnerability Scanning are not included in this course. In addition, the course is the continuation of the foundation course, "Web Application Security Basic".
- Same Origin Policy
- JSON Security
- Cross-Origin Resource Sharing (CORS)
- Websocket & Server-Sent Events Security
- Web Entry Server & Web Application Firewall
- Content Security Policy
- XML External Entity Attacks
- SAML Attacks
- JOSE (JSON Object Signing and Encryption) & JWT
- OpenID Connect
- Security Officers
- Web developers
- Graduates of the "Web Application Security Basic” seminar
- Familiarity with the Linux command line
- Knowledge of the HTTP protocol
- Knowledge of the various components of a modern web application
- Familiar with OWASP Top 10 attacks (like SQL Injection, Cross-Site Scripting etc.)
- Knowledge from the "Web Application Security Basic” seminar
The course is conducted in the German language.
CHF 2'300.00 plus MwSt.
CHF 1'950.00 plus MwSt. for members of ISSS
Location and Course Hours
Depending on the participants' place of residence, the course can be held in Bern instead of Zurich.
Our courses last form 9.15 to 17.15 with lunch from 12.15 to 13.30 and additional breaks.
Please contact +41 44 455 64 14 or firstname.lastname@example.org
Early registration is recommended. We usually decide 4 weeks before the start on whether wie could hold the course or not.