Web Security 360 (online)

When applications on the Internet are exposed to potential attacks around the clock, security must not be treated as an afterthought. This applies not only to business-critical applications, but to any processing of personal and confidential data. Even applications that do not seem particularly important or worth protecting become a gateway for attacks from inside and outside once they contain security vulnerabilities.

Building on the OWASP Top 10, Security by Design, IT-Grundschutz, and GDPR compliance, the training covers numerous other important aspects of web security, including authentication mechanisms such as WebAuthn and best practices for designing and implementing secure APIs.

The content and focus of the training is continuously updated to take new developments in security research and new attacks into account.

Learning Objectives
  • You understand the basic principles of secure web development and security by design
  • You are familiar with effective security mechanisms
  • You know the most important attack vectors and can evaluate resulting risks
  • You can identify and eliminate the most common security-related errors

Target Audience

This training is designed for developers, DevOps, and other stakeholders who want to build and operate secure web applications or need to increase the security level of existing applications.

Requirements

Basic knowledge of PHP or a similar programming language is required, as well as experience in creating or running web-based applications.

    • You book your training directly online with us. For purchase on account or special group rates, contact us or write us an email.
    • You will receive an email within a short time in which we confirm your participation.
    • Within 48 hours during our business hours you will receive your invoice as a PDF document.

      Companies with their registered office in Germany are of course entitled to deduct input tax from the invoice. For European Union companies based outside Germany, the reverse charge procedure applies. For companies based outside the European Union, no sales tax is due.
  • Introduction

    • Welcoming, introducing and collecting expectations (ca. 15 min)
    • Introduction: 3,2,1 - no longer mine? (ca. 15 min)
    • Cross Site Scripting (XSS) (ca. 30 min)
    • Find, Exploit, Secure (ca. 30 min)
    • Preventing XSS reliably (ca. 60 min)
    • Discussion of the work assignment (ca. 15 min)
  • Work Assignment

    In order to directly gain your own practical experience, you will work on your work assignment in your own time until the next online session.

    Work assignments are designed to take 1 to 2 hours to complete. You decide whether you work on the exercises alone or in a work group. Forming a work group with another training participant you have never met before can be an interesting and instructive experience.

    Of course, we will not leave you alone with questions about your work assignments. Between the online sessions, you will receive support via e-mail from the trainer on all questions regarding the previous training content and the work assignments.

  • By the day before the next online session at the latest, you can send your solution to the trainer by e-mail. At the beginning of the next online session, examples selected from all submissions will be discussed and improved by the trainer.

  • Injection Attacks

    • Joint review of selected work assignments (ca. 15 min)
    • SQL Injections (ca. 45 min)
    • Remote Code Execution (ca. 30 min)
    • Traversal Attacks (ca. 30 min)
    • Attacks on logging & exports (ca. 30 min)
    • Discussion of the work assignment (ca. 15 min)
  • Work Assignment

    In order to directly gain your own practical experience, you will work on your work assignment in your own time until the next online session.

    Work assignments are designed to take 1 to 2 hours to complete. You decide whether you work on the exercises alone or in a work group. Forming a work group with another training participant you have never met before can be an interesting and instructive experience.

    Of course, we will not leave you alone with questions about your work assignments. Between the online sessions, you will receive support via e-mail from the trainer on all questions regarding the previous training content and the work assignments.

  • By the day before the next online session at the latest, you can send your solution to the trainer by e-mail. At the beginning of the next online session, examples selected from all submissions will be discussed and improved by the trainer.

  • Authentication

    • Joint review of selected work assignments (ca. 15 min)
    • Attacks on the Password (ca. 45 min)
    • 2nd Factor, WebAuthn, and more Password Alternatives (ca. 45 min)
    • Authentication for APIs (ca. 45 min)
    • Discussion of the work assignment (ca. 15 min)
  • Work Assignment

    In order to directly gain your own practical experience, you will work on your work assignment in your own time until the next online session.

    Work assignments are designed to take 1 to 2 hours to complete. You decide whether you work on the exercises alone or in a work group. Forming a work group with another training participant you have never met before can be an interesting and instructive experience.

    Of course, we will not leave you alone with questions about your work assignments. Between the online sessions, you will receive support via e-mail from the trainer on all questions regarding the previous training content and the work assignments.

  • By the day before the next online session at the latest, you can send your solution to the trainer by e-mail. At the beginning of the next online session, examples selected from all submissions will be discussed and improved by the trainer.

  • Authorization

    • Joint review of selected work assignments (ca. 15 min)
    • Common Access Control Mistakes (ca. 30 min)
    • Why "Blacklists" are dangerous (ca. 30 min)
    • Avoiding access protection errors (ca. 30 min)
    • Prevent indirect access (ca. 30 min)
    • Privilege escalation (ca. 15 min)
    • Discussion of the work assignment (ca. 15 min)
  • Work Assignment

    In order to directly gain your own practical experience, you will work on your work assignment in your own time until the next online session.

    Work assignments are designed to take 1 to 2 hours to complete. You decide whether you work on the exercises alone or in a work group. Forming a work group with another training participant you have never met before can be an interesting and instructive experience.

    Of course, we will not leave you alone with questions about your work assignments. Between the online sessions, you will receive support via e-mail from the trainer on all questions regarding the previous training content and the work assignments.

  • By the day before the next online session at the latest, you can send your solution to the trainer by e-mail. At the beginning of the next online session, examples selected from all submissions will be discussed and improved by the trainer.

  • API Security

    • Joint review of selected work assignments (ca. 15 min)
    • Typical API Design Mistakes (ca. 30 min)
    • Cross Origin Resource Sharing (ca. 45 min)
    • Protection by rate limiting (ca. 45 min)
    • Discussion of the work assignment (ca. 15 min)
  • Work Assignment

    In order to directly gain your own practical experience, you will work on your work assignment in your own time until the next online session.

    Work assignments are designed to take 1 to 2 hours to complete. You decide whether you work on the exercises alone or in a work group. Forming a work group with another training participant you have never met before can be an interesting and instructive experience.

    Of course, we will not leave you alone with questions about your work assignments. Between the online sessions, you will receive support via e-mail from the trainer on all questions regarding the previous training content and the work assignments.

  • By the day before the next online session at the latest, you can send your solution to the trainer by e-mail. At the beginning of the next online session, examples selected from all submissions will be discussed and improved by the trainer.

  • Request Security

    • Joint review of selected work assignments (ca. 15 min)
    • Attacks on the session (ca. 30 min)
    • Cross Site Request Forgery (ca. 30 min)
    • Secure cookies (ca. 30 min)
    • Important HTTP headers and their usage (ca. 45 min)
    • Discussion of the work assignment (ca. 15 min)
  • Work Assignment

    In order to directly gain your own practical experience, you will work on your work assignment in your own time until the next online session.

    Work assignments are designed to take 1 to 2 hours to complete. You decide whether you work on the exercises alone or in a work group. Forming a work group with another training participant you have never met before can be an interesting and instructive experience.

    Of course, we will not leave you alone with questions about your work assignments. Between the online sessions, you will receive support via e-mail from the trainer on all questions regarding the previous training content and the work assignments.

  • By the day before the next online session at the latest, you can send your solution to the trainer by e-mail. At the beginning of the next online session, examples selected from all submissions will be discussed and improved by the trainer.

  • Transport Security

    • Joint review of selected work assignments (ca. 15 min)
    • Attacks on the connection (ca. 30 min)
    • Secure TLS configuration (ca. 45 min)
    • TLS for the internal network (ca. 30 min)
    • Practical use of testing tools (ca. 30 min)
    • Discussion of the work assignment (ca. 15 min)
  • Work Assignment

    In order to directly gain your own practical experience, you will work on your work assignment in your own time until the next online session.

    Work assignments are designed to take 1 to 2 hours to complete. You decide whether you work on the exercises alone or in a work group. Forming a work group with another training participant you have never met before can be an interesting and instructive experience.

    Of course, we will not leave you alone with questions about your work assignments. Between the online sessions, you will receive support via e-mail from the trainer on all questions regarding the previous training content and the work assignments.

  • By the day before the next online session at the latest, you can send your solution to the trainer by e-mail. At the beginning of the next online session, examples selected from all submissions will be discussed and improved by the trainer.

  • In Production

    • Joint review of selected work assignments (ca. 15 min)
    • Secure deployments (ca. 30 min)
    • Where to put access data (ca. 30 min)
    • Life without passwords (ca. 45 min)
    • Maintenance & Updates (ca. 30 min)
    • Discussion of the work assignment (ca. 15 min)
  • Work Assignment

    In order to directly gain your own practical experience, you will work on your work assignment in your own time until the next online session.

    Work assignments are designed to take 1 to 2 hours to complete. You decide whether you work on the exercises alone or in a work group. Forming a work group with another training participant you have never met before can be an interesting and instructive experience.

    Of course, we will not leave you alone with questions about your work assignments. Between the online sessions, you will receive support via e-mail from the trainer on all questions regarding the previous training content and the work assignments.

  • By the day before the next online session at the latest, you can send your solution to the trainer by e-mail. At the beginning of the next online session, examples selected from all submissions will be discussed and improved by the trainer.

  • Infrastructure & Operations

    • Joint review of selected work assignments (ca. 15 min)
    • SELinux & AppArmor (ca. 45 min)
    • Logging and Monitoring (ca. 30 min)
    • Hardening servers and containers (ca. 60 min)
    • Discussion of the work assignment (ca. 15 min)
  • Work Assignment

    In order to directly gain your own practical experience, you will work on your work assignment in your own time until the next online session.

    Work assignments are designed to take 1 to 2 hours to complete. You decide whether you work on the exercises alone or in a work group. Forming a work group with another training participant you have never met before can be an interesting and instructive experience.

    Of course, we will not leave you alone with questions about your work assignments. Between the online sessions, you will receive support via e-mail from the trainer on all questions regarding the previous training content and the work assignments.

  • By the day before the next online session at the latest, you can send your solution to the trainer by e-mail. At the beginning of the next online session, examples selected from all submissions will be discussed and improved by the trainer.

  • What else is important

    • Joint review of selected work assignments (ca. 15 min)
    • Avoiding spam & filtering background noise (ca. 30 min)
    • GDPR: Proper handling of sensitive data (ca. 30 min)
    • HTML 5 (ca. 45 min)
    • Summary and Outlook (ca. 15 min)
    • Feedback and Closing (ca. 30 min)
    • Material

      After the last online session, you will receive all materials used in the training, such as presentations, sketches, or sample code, together with supplementary material such as links and references to further literature for follow-up. For some training topics, you will also receive access to additional digital content on the topic of the training.

    • Certificate of Participation

      All participants who have attended the online sessions and completed the work assignments will receive a certificate of participation from us.

    • E-Mail Support

      Of course, we also support you in integrating what you have learned into your everyday work. We provide support via e-mail (response time: 24 hours during our working hours) for all participants for four weeks after the last online session on all questions related to the topics of the training.

    • Closing Meeting

      After the end of the email support, you will have another opportunity to ask the trainer your questions in the joint closing meeting (circa 30 minutes).

      In addition to an outlook on further topics, the trainer has a few more tips and tricks up his sleeve. And last but not least, we are interested in your final feedback on our training.

  • Three to six months after the training, you should consider attending more advanced training to build on the practical experience you have gained up to that point.

    We will also be happy to accompany you on your further path in an advisory or coaching capacity. Please contact us.

Scope of Services
  • ten video conferences for knowledge transfer (3 hours each)
  • nine work assignments of 1 to 2 hours processing time each, with e-mail support during the processing period
  • four weeks of email support after the last online session
  • joint closing meeting (30 min)

Please note that depending on the training booked, the individual online appointments may each take place at different times of the day.


Exclusive and customized?

We are happy to conduct any training exclusively online ("in-house") for you. We adapt the content and focus to your specific wishes and needs and work with examples directly from your code base.