Web Application Security Advanced

September 21/22, 2021, Bern (in German)

Learning objectives

The participants will expand their basic knowledge of web application security topics. They gain an understanding of the additional risks of modern web technologies, the meaning of the Same Origin Policy and also Cross Domain subjects. In addition, the participants will have a closer look at some of the modern authorization and authentication frameworks, which are used nowadays to build single-sign-on solutions.

The exercises will be done on www.hacking-lab.com. Following the course, the lab environment is available to the participants for another month.

Demarcation: The course is focussed on the web layer. Nessus, Nmap and Vulnerability Scanning are not included in this course. In addition, the course is the continuation of the foundation course, "Web Application Security Basic".

Highlights

  • Same Origin Policy
  • JSON Security
  • Cross-Origin Resource Sharing (CORS)
  • Websocket & Server-Sent Events Security
  • Web Entry Server & Web Application Firewall
  • Content Security Policy
  • JavaScript Frameworks & Script Gadgets
  • XML External Entity Attacks
  • SAML Attacks
  • JOSE (JSON Object Signing and Encryption) & JWT
  • OAuth
  • OpenID Connect

Target group

  • Security Officers
  • Web developers
  • Graduates of the "Web Application Security Basic" seminar

Prerequisite

  • Familiarity with the Linux command line
  • Knowledge of the HTTP protocol
  • Knowledge of the various components of a modern web application
  • Technologies like JavaScript, GET/POST, XML, JSON are familiar concepts
  • Familiar with OWASP Top 10 attacks (like SQL Injection, Cross-Site Scripting etc.)
  • Knowledge from the "Web Application Security Basic" seminar

Important Note 

The course is conducted in the German language.

Course Fees

CHF 2'300.00 plus VAT
CHF 1'950.00 plus VAT for members of ISSS

Location and Course Hours

TECHNOPARK Zürich
Technoparkstrasse 1
8005 Zurich

Our courses last from 9.15 to 17.15 with lunch from 12.15 to 13.30 and additional breaks.

Course Administration

Please contact +41 44 455 64 14 or team.csch@compass-security.com