Web Security 360

When applications on the Internet are exposed to potential attacks around the clock, then security should not just play a secondary role. This is not only true for business-critical applications, but also for any processing of personal and confidential data. Even if applications don't seem particularly important or worth protecting, security vulnerabilities make them a gateway for attacks from inside and outside.

Based on OWASP Top 10, Security by Design, IT-Grundschutz, and GDPR compliance, numerous other important aspects of web security are covered, including authentication mechanisms such as WebAuthn or best practices for designing and implementing secure APIs.

The content and focus of the training is continuously updated to take new developments in security research and new attacks into account.

Learning Objectives

You understand the basic principles of secure web development and security by design
You are familiar with effective security mechanisms
You know the most important attack vectors and can evaluate resulting risks
You can identify and eliminate the most common security-related errors

Target Audience

This training is designed for developers, DevOps, and other stakeholders who want to build and operate secure web applications or need to increase the security level of existing applications.

Requirements

Basic knowledge of PHP or a similar programming language is required, as well as experience in creating or running web-based applications.

Before the training
- You book your training directly online with us. For purchase on account or special group rates contact us or write an email.
- You will receive an email within a short time in which we confirm your participation.
- Within 48 hours during our business hours you will receive your
  
  Invoice
  
  Companies with their registered office in Germany are of course entitled to deduct input tax from the invoice. For European Union companies based outside Germany, the reverse charge procedure applies. For companies based outside the European Union, no sales tax is due.
  
  as a PDF document.
- About a week before the first online session, we will send you an e-mail with all the important information about your training. In addition to a link to the video conference, this contains comprehensive information on the technical requirements and any preparations you should make.
Introduction
- Welcoming, introducing and collecting expectations (ca. 15 min)
- Introduction: 3,2,1 - no longer mine? (ca. 15 min)
- Cross Site Scripting (XSS) (ca. 30 min)
- Find, Exploit, Secure (ca. 30 min)
- Preventing XSS reliably (ca. 60 min)
- Discussion of the work assignment (ca. 15 min)
Work Assignment

In order to directly gain your own practical experience, you will work on your work assignment in your own time until the next online session.
Details
Work assignments are designed to take 1 to 2 hours to complete. You decide whether you work on the exercises alone or in a work group. Forming a work group with another training participant you have never met before can be an interesting and instructive experience.

Of course, we will not leave you alone with questions about your work assignments. Between the online sessions, you will receive support via e-mail from the trainer on all questions regarding the previous training content and the work assignments.
Your solutions

At the latest until the day before the next online session, you can send your solution to the trainer by e-mail. At the beginning of the next online session, examples selected from all submissions will be discussed and improved by the trainer.
Injection Attacks
- Joint review of selected work assignments (ca. 15 min)
- SQL Injections (ca. 45 min)
- Remote Code Execution (ca. 30 min)
- Traversal Attacks (ca. 30 min)
- Attacks on logging & exports (ca. 30 min)
- Discussion of the work assignment (ca. 15 min)
Work Assignment

In order to directly gain your own practical experience, you will work on your work assignment in your own time until the next online session.
Details
Work assignments are designed to take 1 to 2 hours to complete. You decide whether you work on the exercises alone or in a work group. Forming a work group with another training participant you have never met before can be an interesting and instructive experience.

Of course, we will not leave you alone with questions about your work assignments. Between the online sessions, you will receive support via e-mail from the trainer on all questions regarding the previous training content and the work assignments.
Your solutions

At the latest until the day before the next online session, you can send your solution to the trainer by e-mail. At the beginning of the next online session, examples selected from all submissions will be discussed and improved by the trainer.
Authentication
- Joint review of selected work assignments (ca. 15 min)
- Attacks on the Password (ca. 45 min)
- 2nd Factor, WebAuthn, and more Password Alternatives (ca. 45 min)
- Authentication for APIs (ca. 45 min)
- Discussion of the work assignment (ca. 15 min)
Work Assignment

In order to directly gain your own practical experience, you will work on your work assignment in your own time until the next online session.
Details
Work assignments are designed to take 1 to 2 hours to complete. You decide whether you work on the exercises alone or in a work group. Forming a work group with another training participant you have never met before can be an interesting and instructive experience.

Of course, we will not leave you alone with questions about your work assignments. Between the online sessions, you will receive support via e-mail from the trainer on all questions regarding the previous training content and the work assignments.
Your solutions

At the latest until the day before the next online session, you can send your solution to the trainer by e-mail. At the beginning of the next online session, examples selected from all submissions will be discussed and improved by the trainer.
Authorization
- Joint review of selected work assignments (ca. 15 min)
- Common Access Control Mistakes (ca. 30 min)
- Why "Blacklists" are dangerous (ca. 30 min)
- Avoiding access protection errors (ca. 30 min)
- Prevent indirect access (ca. 30 min)
- Extension of rights (ca. 15 min)
- Discussion of the work assignment (ca. 15 min)
Work Assignment

In order to directly gain your own practical experience, you will work on your work assignment in your own time until the next online session.
Details
Work assignments are designed to take 1 to 2 hours to complete. You decide whether you work on the exercises alone or in a work group. Forming a work group with another training participant you have never met before can be an interesting and instructive experience.

Of course, we will not leave you alone with questions about your work assignments. Between the online sessions, you will receive support via e-mail from the trainer on all questions regarding the previous training content and the work assignments.
Your solutions

At the latest until the day before the next online session, you can send your solution to the trainer by e-mail. At the beginning of the next online session, examples selected from all submissions will be discussed and improved by the trainer.
API Security
- Joint review of selected work assignments (ca. 15 min)
- Typical API Design Mistakes (ca. 30 min)
- Cross Origin Resource Sharing (ca. 45 min)
- Protection by rate limiting (ca. 45 min)
- Discussion of the work assignment (ca. 15 min)
Work Assignment

In order to directly gain your own practical experience, you will work on your work assignment in your own time until the next online session.
Details
Work assignments are designed to take 1 to 2 hours to complete. You decide whether you work on the exercises alone or in a work group. Forming a work group with another training participant you have never met before can be an interesting and instructive experience.

Of course, we will not leave you alone with questions about your work assignments. Between the online sessions, you will receive support via e-mail from the trainer on all questions regarding the previous training content and the work assignments.
Your solutions

At the latest until the day before the next online session, you can send your solution to the trainer by e-mail. At the beginning of the next online session, examples selected from all submissions will be discussed and improved by the trainer.
Request Security
- Joint review of selected work assignments (ca. 15 min)
- Attacks on the session (ca. 30 min)
- Cross Site Request Forgery (ca. 30 min)
- Secure cookies (ca. 30 min)
- Important HTTP headers and their usage (ca. 45 min)
- Discussion of the work assignment (ca. 15 min)
Work Assignment

In order to directly gain your own practical experience, you will work on your work assignment in your own time until the next online session.
Details
Work assignments are designed to take 1 to 2 hours to complete. You decide whether you work on the exercises alone or in a work group. Forming a work group with another training participant you have never met before can be an interesting and instructive experience.

Of course, we will not leave you alone with questions about your work assignments. Between the online sessions, you will receive support via e-mail from the trainer on all questions regarding the previous training content and the work assignments.
Your solutions

At the latest until the day before the next online session, you can send your solution to the trainer by e-mail. At the beginning of the next online session, examples selected from all submissions will be discussed and improved by the trainer.
Transport Security
- Joint review of selected work assignments (ca. 15 min)
- Attacks on the connection (ca. 30 min)
- Secure TLS configuration (ca. 45 min)
- TLS for the internal network (ca. 30 min)
- Practical use of testing tools (ca. 30 min)
- Discussion of the work assignment (ca. 15 min)
Work Assignment

In order to directly gain your own practical experience, you will work on your work assignment in your own time until the next online session.
Details
Work assignments are designed to take 1 to 2 hours to complete. You decide whether you work on the exercises alone or in a work group. Forming a work group with another training participant you have never met before can be an interesting and instructive experience.

Of course, we will not leave you alone with questions about your work assignments. Between the online sessions, you will receive support via e-mail from the trainer on all questions regarding the previous training content and the work assignments.
Your solutions

At the latest until the day before the next online session, you can send your solution to the trainer by e-mail. At the beginning of the next online session, examples selected from all submissions will be discussed and improved by the trainer.
In Production
- Joint review of selected work assignments (ca. 15 min)
- Secure deployments (ca. 30 min)
- Where to put access data (ca. 30 min)
- Life without passwords (ca. 45 min)
- Maintenance & Updates (ca. 30 min)
- Discussion of the work assignment (ca. 15 min)
Work Assignment

In order to directly gain your own practical experience, you will work on your work assignment in your own time until the next online session.
Details
Work assignments are designed to take 1 to 2 hours to complete. You decide whether you work on the exercises alone or in a work group. Forming a work group with another training participant you have never met before can be an interesting and instructive experience.

Of course, we will not leave you alone with questions about your work assignments. Between the online sessions, you will receive support via e-mail from the trainer on all questions regarding the previous training content and the work assignments.
Your solutions

At the latest until the day before the next online session, you can send your solution to the trainer by e-mail. At the beginning of the next online session, examples selected from all submissions will be discussed and improved by the trainer.
Infrastructure & Operations
- Joint review of selected work assignments (ca. 15 min)
- SELinux & AppAmor (ca. 45 min)
- Logging and Monitoring (ca. 30 min)
- Hardening servers and containers (ca. 60 min)
- Discussion of the work assignment (ca. 15 min)
Work Assignment

In order to directly gain your own practical experience, you will work on your work assignment in your own time until the next online session.
Details
Work assignments are designed to take 1 to 2 hours to complete. You decide whether you work on the exercises alone or in a work group. Forming a work group with another training participant you have never met before can be an interesting and instructive experience.

Of course, we will not leave you alone with questions about your work assignments. Between the online sessions, you will receive support via e-mail from the trainer on all questions regarding the previous training content and the work assignments.
Your solutions

At the latest until the day before the next online session, you can send your solution to the trainer by e-mail. At the beginning of the next online session, examples selected from all submissions will be discussed and improved by the trainer.
What else is important
- Joint review of selected work assignments (ca. 15 min)
- Avoiding spam & filtering background noise (ca. 30 min)
- GDPR: Proper handling of sensitive data (ca. 30 min)
- HTML 5 (ca. 45 min)
- Summary and Outlook (ca. 15 min)
- Feedback and Closing (ca. 30 min)
After the training
- Material
  
  After the last online session, you will receive all materials used in the training, such as presentations, sketches, or sample code, together with supplementary material such as links and references to further literature for follow-up. For some training topics, you will also receive access to additional digital content on the topic of the training.
- Certificate of Participation
  
  All participants who have attended the online sessions and completed their work assignments will receive a certificate of participation from us.
- E-Mail Support
  
  Of course, we also support you in integrating what you have learned into your everyday work. We provide support via e-mail on all questions related to the topics of the training for all participants from the last online session until the closing meeting.
- Closing Meeting
  
  After the end of the email support, you will have another opportunity to ask the trainer your questions in the joint closing meeting (circa 30 minutes).
  
  In addition to an outlook on further topics, the trainer has a few more tips and tricks up his sleeve. And last but not least, we are interested in your final feedback on our training.
Follow-Up

Three to six months after the training, you should consider attending more advanced training to build on the practical experience you have gained up to that point.

We will also be happy to accompany you on your further path in an advisory or coaching capacity. Please contact us.

Scope of Services

ten video conferences for knowledge transfer (3 hours each)
nine work assignments of 1-2 hours processing time with e-mail support during the processing period
four weeks of email support after the last online session
joint closing meeting (30 min)

Please note that depending on the training booked, the individual online appointments may each take place at different times of the day.

Technical requirements for attending an online training.

Available online "inhouse"

Inquire

Exclusive and customized?

We are happy to conduct any training exclusively online ("in-house") for you. We adapt the content and focus to your specific wishes and needs and optionally work with examples directly from your code base.

More information

Web Security 360

Before the training

Introduction

Work Assignment

Your solutions

Injection Attacks

Work Assignment

Your solutions

Authentication

Work Assignment

Your solutions

Authorization

Work Assignment

Your solutions

API Security

Work Assignment

Your solutions

Request Security

Work Assignment

Your solutions

Transport Security

Work Assignment

Your solutions

In Production

Work Assignment

Your solutions

Infrastructure & Operations

Work Assignment

Your solutions

What else is important

After the training

Material

Certificate of Participation

E-Mail Support

Closing Meeting

Follow-Up

Available online "inhouse"

Exclusive and customized?