A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation.
The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more. A special section is devoted to configuration and hardening of the .NET and ASP.NET environment for security.
A brief introduction to the foundations of cryptography provides a common practical baseline for understanding the purpose and the operation of various algorithms, based on which the course presents the cryptographic features that can be used in .NET. This is followed by the introduction of some recent crypto vulnerabilities both related to certain crypto algorithms and cryptographic protocols, as well as side-channel attacks.
Introduction of different vulnerabilities starts with presenting some typical programming problems committed when using .NET, including bug categories of input validation, error handling or race conditions. A special focus is given to XML security, while the topic of ASP.NET-specific vulnerabilities tackles some special issues and attack methods: like attacking the ViewState, or the string termination attacks.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn to use various security features of the .NET development environment
Have a practical understanding of cryptography
Understand some recent attacks against cryptosystems
Get information about some recent vulnerabilities in .NET and ASP.NET
Learn about typical coding mistakes and how to avoid them
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices
Basics of any programming language
Experience in developing applications
[overview] =>
This course will help professionals understand the value and limits of Application Security. While the Application Security Principals provides valuable awareness around some of the major risks in applications today, this course will highlight both the good and not so good.
This course is crucial because of the increasing need for developers to code in a secure manner. It is critical to introduce security as a quality component into the development cycle. This course aims at educating developers about various security vulnerabilities through hands-on practice using our purposely developed insecure web application.
[category_overview] =>
[outline] =>
Discuss the role of security in the software development lifecycle and how best to create secure applications
Recognize how these software security defects are exploited
Discuss discovery methods for these issues
Implement the practices that help prevent the most common mistakes and lead to more secure software
Android is an open platform for mobile devices such as handsets and tablets. It has a large variety of security features to make developing secure software easier; however, it is also missing certain security aspects that are present in other hand-held platforms. The course gives a comprehensive overview of these features, and points out the most critical shortcomings to be aware of related to the underlying Linux, the file system and the environment in general, as well as regarding using permissions and other Android software development components.
Typical security pitfalls and vulnerabilities are described both for native code and Java applications, along with recommendations and best practices to avoid and mitigate them. In many cases discussed issues are supported with real-life examples and case studies. Finally, we give a brief overview on how to use security testing tools to reveal any security relevant programming bugs.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn the security solutions on Android
Learn to use various security features of the Android platform
Get information about some recent vulnerabilities in Java on Android
Learn about typical coding mistakes and how to avoid them
Get understanding on native code vulnerabilities on Android
Realize the severe consequences of unsecure buffer handling in native code
Understand the architectural protection techniques and their weaknesses
Get sources and further readings on secure coding practices
Implementing a secure networked application can be difficult, even for developers who may have used various cryptographic building blocks (such as encryption and digital signatures) beforehand. In order to make the participants understand the role and usage of these cryptographic primitives, first a solid foundation on the main requirements of secure communication – secure acknowledgement, integrity, confidentiality, remote identification and anonymity – is given, while also presenting the typical problems that may damage these requirements along with real-world solutions.
As a critical aspect of network security is cryptography, the most important cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement are also discussed. Instead of presenting an in-depth mathematical background, these elements are discussed from a developer's perspective, showing typical use-case examples and practical considerations related to the use of crypto, such as public key infrastructures. Security protocols in many areas of secure communication are introduced, with an in-depth discussion on the most widely-used protocol families such as IPSEC and SSL/TLS.
Typical crypto vulnerabilities are discussed both related to certain crypto algorithms and cryptographic protocols, such as BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, POODLE and similar, as well as the RSA timing attack. In each case, the practical considerations and potential consequences are described for each problem, again, without going into deep mathematical details.
Finally, as XML technology is central for data exchange by networked applications, the security aspects of XML are described. This includes the usage of XML within web services and SOAP messages alongside protection measures such as XML signature and XML encryption – as well as weaknesses in those protection measures and XML-specific security issues such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand the requirements of secure communication
Learn about network attacks and defenses at different OSI layers
Have a practical understanding of cryptography
Understand essential security protocols
Understand some recent attacks against cryptosystems
Get information about some recent related vulnerabilities
Understand security concepts of Web services
Get sources and further readings on secure coding practices
To serve in the best way heterogeneous development groups that are using various platforms simultaneously during their everyday work, we have merged various topics into a combined course that presents diverse secure coding subjects in didactic manner on a single training event. This course combines C/C++ and Java platform security to provide an extensive, cross-platform secure coding expertise.
Concerning C/C++, common security vulnerabilities are discussed, backed by practical exercises about the attacking methods that exploit these vulnerabilities, with the focus on the mitigation techniques that can be applied to prevent the occurrences of these dangerous bugs, detect them before market launch or prevent their exploitation.
Security components and service of Java are discussed by presenting the different APIs and tools through a number of practical exercises where participants can gain hands-on experience in using them. The course also covers security issues of web services and the related Java services that can be applied to prevent the most aching threats of the Internet based services. Finally, web- and Java-related security vulnerabilities are demonstrated by easy-to-understand exercises, which not only show the root cause of the problems, but also demonstrate the attack methods along with the recommended mitigation and coding techniques in order to avoid the associated security problems.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Realize the severe consequences of unsecure buffer handling
Understand the architectural protection techniques and their weaknesses
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities in various platforms, frameworks and libraries
Get sources and further readings on secure coding practices
Migrating to the cloud introduces immense benefits for companies and individuals in terms of efficiency and costs. With respect to security, the effects are quite diverse, but it is a common perception that using cloud services impacts security in a positive manner. Opinions, however, diverge many times even on defining who is responsible for ensuring the security of cloud resources.
Covering IaaS, PaaS and SaaS, first the security of the infrastructure is discussed: hardening and configuration issues as well as various solutions for authentication and authorization alongside identity management that should be at the core of all security architecture. This is followed by some basics regarding legal and contractual issues, namely how trust is established and governed in the cloud.
The journey through cloud security continues with understanding cloud-specific threats and the attackers’ goals and motivations as well as typical attack steps taken against cloud solutions. Special focus is also given to auditing the cloud and providing security evaluation of cloud solutions on all levels, including penetration testing and vulnerability analysis.
The focus of the course is on application security issues, dealing both with data security and the security of the applications themselves. From the standpoint of application security, cloud computing security is not substantially different from general software security, and therefore basically all OWASP-enlisted vulnerabilities are relevant in this domain as well. It is the set of threats and risks that makes the difference, and thus the training is concluded with the enumeration of various cloud-specific attack vectors connected to the weaknesses discussed beforehand.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand major threats and risks in the cloud domain
Learn about elementary cloud security solutions
Get information about the trust and the governance regarding the cloud
Have a practical understanding of cryptography
Get extensive knowledge in application security in the cloud
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Understand the challenges of auditing and evaluating cloud systems for security
Learn how to secure the cloud environment and infrastructure
Get sources and further readings on secure coding practices
This three day course covers the basics of securing the C/C++ code against the malicious users who may exploit many vulnerabilities in the code with memory management and input handling, the course cover the principals of writing secure code.
Even experienced Java programmers are not mastering by all means the various security services offered by Java, and are likewise not aware of the different vulnerabilities that are relevant for web applications written in Java.
The course – besides introducing security components of Standard Java Edition – deals with security issues of Java Enterprise Edition (JEE) and web services. Discussion of specific services is preceded with the foundations of cryptography and secure communication. Various exercises deal with declarative and programmatic security techniques in JEE, while both transport-layer and end-to-end security of web services is discussed. The use of all components is presented through several practical exercises, where participants can try out the discussed APIs and tools for themselves.
The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform and web-related vulnerabilities. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Understand security concepts of Web services
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Understand security solutions of Java EE
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices
Even experienced programmers do not master by all means the various security services offered by their development platforms, and are likewise not aware of the different vulnerabilities that are relevant for their developments. This course targets developers using both Java and PHP, providing them essential skills necessary to make their applications resistant to contemporary attacks through the Internet.
Levels of Java security architecture are walked through by tackling access control, authentication and authorization, secure communication and various cryptographic functions. Various APIs are also introduced that can be used to secure your code in PHP, like OpenSSL for cryptography or HTML Purifier for input validation. On server side, the best practices are given for hardening and configuring the operating system, the web container, the file system, the SQL server and the PHP itself, while a special focus is given to client-side security through security issues of JavaScript, Ajax and HTML5.
General web vulnerabilities are discussed by examples aligned to the OWASP Top Ten, showing various injection attacks, script injections, attacks against session handling, insecure direct object references, issues with file uploads, and many others. The various Java- and PHP-specific language problems and issues stemming from the runtime environment are introduced grouped into the standard vulnerability types of missing or improper input validation, improper use of security features, incorrect error and exception handling, time- and state-related problems, code quality issues and mobile code-related vulnerabilities.
Participants can try out the discussed APIs, tools and the effects of configurations for themselves, while the introduction of vulnerabilities are all supported by a number of hands-on exercises demonstrating the consequences of successful attacks, showing how to correct the bugs and apply mitigation techniques, and introducing the use of various extensions and tools.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Learn to use various security features of PHP
Understand security concepts of Web services
Get practical knowledge in using security testing tools
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities in Java and PHP frameworks and libraries
Get sources and further readings on secure coding practices
The Java language and the Runtime Environment (JRE) was designed to be free from the most problematic common security vulnerabilities experienced in other languages, like C/C++. Yet, software developers and architects should not only know how to use the various security features of the Java environment (positive security), but should also be aware of the numerous vulnerabilities that are still relevant for Java development (negative security).
The introduction of security services is preceded with a brief overview of the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of these components is presented through several practical exercises, where participants can try out the discussed APIs for themselves.
The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform, covering both the typical bugs committed by Java programmers and the language- and environment-specific issues. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get sources and further readings on secure coding practices
Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks.
General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.
The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of all components is presented through practical exercises, where participants can try out the discussed APIs and tools for themselves.
Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices
Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks.
General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.
The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. Security issues of Java Enterprise Edition are presented through various exercises explaining both declarative and programmatic security techniques in JEE.
Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Understand security concepts of Web services
Understand security solutions of Java EE
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices
Audience
Developers
[category_overview] =>
[outline] =>
IT security and secure coding
Web application security
Client-side security
Client-side security
Foundations of Java security
Practical cryptography
Java security services
Security of Web services
XML security
JSON security
Java EE security
Common coding errors and vulnerabilities
Principles of security and secure coding
Knowledge sources
[language] => en
[duration] => 28
[status] => published
[changed] => 1700037228
[source_title] => Advanced Java, JEE and Web Application Security
[source_language] => en
[cert_code] =>
[weight] => 0
[excluded_sites] =>
[use_mt] => stdClass Object
(
[field_overview] =>
[field_course_outline] =>
[field_prerequisits] =>
[field_overview_in_category] =>
)
[cc] => cl-jwe
)
[cl-njs] => stdClass Object
(
[course_code] => cl-njs
[hr_nid] => 200321
[title] => Node.JS and Web Application Security
[requirements] =>
Basic Web application development
[overview] =>
As a developer, your duty is to write bulletproof code.
What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed? What if they could steal away your database and sell it on the black market?
This Web application security course will change the way you look at code. A hands-on training during which we will teach you all the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.
It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.
Delegates attending will:
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn about Node.js security
Learn about MongoDB security
Have a practical understanding of cryptography
Understand essential security protocols
Understand security concepts of Web services
Learn about JSON security
Get practical knowledge in using security testing techniques and tools
Learn how to handle vulnerabilities in the used platforms, frameworks and libraries
Get sources and further readings on secure coding practices
[category_overview] =>
[outline] =>
IT security and secure coding
Web application security
Client-side security
Node.js security
Practical cryptography
Security protocols
Denial of service
Security of Web services
JSON security
Other typical programming mistakes
Security testing
Deployment environment
Knowledge sources
[language] => en
[duration] => 21
[status] => published
[changed] => 1700037257
[source_title] => Node.JS and Web Application Security
[source_language] => en
[cert_code] =>
[weight] => 0
[excluded_sites] =>
[use_mt] => stdClass Object
(
[field_overview] =>
[field_course_outline] =>
[field_prerequisits] =>
[field_overview_in_category] =>
)
[cc] => cl-njs
)
[cl-nsc] => stdClass Object
(
[course_code] => cl-nsc
[hr_nid] => 154857
[title] => .NET, C# and ASP.NET Security Development
[requirements] =>
[overview] =>
A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation.
The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more.
Introduction of different vulnerabilities starts with presenting some typical programming problems committed when using .NET, while the discussion of vulnerabilities of the ASP.NET also deals with various environment settings and their effects. Finally, the topic of ASP.NET-specific vulnerabilities not only deals with some general web application security challenges, but also with special issues and attack methods like attacking the ViewState, or the string termination attacks.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn to use various security features of the .NET development environment
Get practical knowledge in using security testing tools
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in .NET and ASP.NET
Get sources and further readings on secure coding practices
Audience
Developers
[category_overview] =>
[outline] =>
IT security and secure coding
Web application security
.NET security architecture and services
Common coding errors and vulnerabilities
Knowledge sources
[language] => en
[duration] => 14
[status] => published
[changed] => 1700037228
[source_title] => .NET, C# and ASP.NET Security Development
[source_language] => en
[cert_code] =>
[weight] => 0
[excluded_sites] =>
[use_mt] => stdClass Object
(
[field_overview] =>
[field_course_outline] =>
[field_prerequisits] =>
[field_overview_in_category] =>
)
[cc] => cl-nsc
)
[cl-nwa] => stdClass Object
(
[course_code] => cl-nwa
[hr_nid] => 154873
[title] => Advanced C#, ASP.NET and Web Application Security
[requirements] =>
[overview] =>
Beyond solid knowledge in using various security features of .NET and ASP.NET, even for experienced programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side along with the consequences of the various risks.
In this course the general web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of ASP.NET. A special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.
The course also deals with the security architecture and components of the .NET framework, including code- and role based access control, permission declaration and checking mechanisms and the transparency model. A brief introduction to the foundations of cryptography provides a common practical baseline for understanding the purpose and the operation of various algorithms, based on which the course presents the cryptographic features that can be used in .NET.
Introduction of different security bugs follows the well-established vulnerability categories, tackling input validation, security features, error handling, time- and state-related problems, the group of general code quality issues, and a special section on ASP.NET-specific vulnerabilities. These topics are concluded with an overview on testing tools that can be used to automatically reveal some of the learnt bugs.
Topics are presented through practical exercises where participants can try out the consequences of certain vulnerabilities, the mitigations, as well as the discussed APIs and tools for themselves.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the .NET development environment
Have a practical understanding of cryptography
Get information about some recent vulnerabilities in .NET and ASP.NET
Get practical knowledge in using security testing tools
Learn about typical coding mistakes and how to avoid them
Get sources and further readings on secure coding practices
Audience
Developers
[category_overview] =>
[outline] =>
IT security and secure coding
Web application security
Client-side security
Client-side security
.NET security architecture and services
Practical cryptography
ASP.NET security architecture
Common coding errors and vulnerabilities
Principles of security and secure coding
Knowledge sources
[language] => en
[duration] => 21
[status] => published
[changed] => 1700037229
[source_title] => Advanced C#, ASP.NET and Web Application Security
[source_language] => en
[cert_code] =>
[weight] => 0
[excluded_sites] =>
[use_mt] => stdClass Object
(
[field_overview] =>
[field_course_outline] =>
[field_prerequisits] =>
[field_overview_in_category] =>
)
[cc] => cl-nwa
)
[cl-osc] => stdClass Object
(
[course_code] => cl-osc
[hr_nid] => 155025
[title] => The Secure Coding Landscape
[requirements] =>
[overview] =>
The course introduces some common security concepts, gives an overview about the nature of the vulnerabilities regardless of the used programming languages and platforms, and explains how to handle the risks that apply regarding software security in the various phases of the software development lifecycle. Without going deeply into technical details, it highlights some of the most interesting and most aching vulnerabilities in various software development technologies, and presents the challenges of security testing, along with some techniques and tools that one can apply to find any existing problems in their code.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand Web vulnerabilities both on server and client side
Realize the severe consequences of unsecure buffer handling
Be informated about some recent vulnerabilities in development environments and frameworks
Learn about typical coding mistakes and how to avoid them
Understand security testing approaches and methodologies
Audience
Managers
[category_overview] =>
[outline] =>
Agenda
Introduction
IT security and secure coding
Security challenges of various platforms – highlights –
A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation.
The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more. A special section is devoted to configuration and hardening of the .NET and ASP.NET environment for security.
A brief introduction to the foundations of cryptography provides a common practical baseline for understanding the purpose and the operation of various algorithms, based on which the course presents the cryptographic features that can be used in .NET. This is followed by the introduction of some recent crypto vulnerabilities both related to certain crypto algorithms and cryptographic protocols, as well as side-channel attacks.
Introduction of different vulnerabilities starts with presenting some typical programming problems committed when using .NET, including bug categories of input validation, error handling or race conditions. A special focus is given to XML security, while the topic of ASP.NET-specific vulnerabilities tackles some special issues and attack methods: like attacking the ViewState, or the string termination attacks.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn to use various security features of the .NET development environment
Have a practical understanding of cryptography
Understand some recent attacks against cryptosystems
Get information about some recent vulnerabilities in .NET and ASP.NET
Learn about typical coding mistakes and how to avoid them
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices
Audience
Developers
Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
IT security and secure coding
.NET security architecture and services
Practical cryptography
ASP.NET security architecture
Cryptographic vulnerabilities
RSA timing attack
Features and vulnerabilities
Denial of service
ASP.NETconfiguration and hardening
XML security
Common coding errors and vulnerabilities
Principles of security and secure coding
Knowledge sources
21 Hours
Comprehensive C# and .NET Application Security Training Course - Booking
Comprehensive C# and .NET Application Security Training Course - Enquiry
Comprehensive C# and .NET Application Security - Consultancy Enquiry
Testimonials (1)
Me gustó ver desarrollo seguro en ASP.NEt pero hicieron falta ejercicios práticos para implementar en el dia a dia de los desarrolladores
Alma Xocua - PASE, Servicios Electrónicos S.A. de C.V.
Course - Comprehensive C# and .NET Application Security
This course will help professionals understand the value and limits of Application Security. While the Application Security Principals provides valuable awareness around some of the major risks in applications today, this course will highlight both the good and not so good.
This course is crucial because of the increasing need for developers to code in a secure manner. It is critical to introduce security as a quality component into the development cycle. This course aims at educating developers about various security vulnerabilities through hands-on practice using our purposely developed insecure web application.
Android is an open platform for mobile devices such as handsets and tablets. It has a large variety of security features to make developing secure software easier; however, it is also missing certain security aspects that are present in other hand-held platforms. The course gives a comprehensive overview of these features, and points out the most critical shortcomings to be aware of related to the underlying Linux, the file system and the environment in general, as well as regarding using permissions and other Android software development components.
Typical security pitfalls and vulnerabilities are described both for native code and Java applications, along with recommendations and best practices to avoid and mitigate them. In many cases discussed issues are supported with real-life examples and case studies. Finally, we give a brief overview on how to use security testing tools to reveal any security relevant programming bugs.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn the security solutions on Android
Learn to use various security features of the Android platform
Get information about some recent vulnerabilities in Java on Android
Learn about typical coding mistakes and how to avoid them
Get understanding on native code vulnerabilities on Android
Realize the severe consequences of unsecure buffer handling in native code
Understand the architectural protection techniques and their weaknesses
Get sources and further readings on secure coding practices
Implementing a secure networked application can be difficult, even for developers who may have used various cryptographic building blocks (such as encryption and digital signatures) beforehand. In order to make the participants understand the role and usage of these cryptographic primitives, first a solid foundation on the main requirements of secure communication – secure acknowledgement, integrity, confidentiality, remote identification and anonymity – is given, while also presenting the typical problems that may damage these requirements along with real-world solutions.
As a critical aspect of network security is cryptography, the most important cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement are also discussed. Instead of presenting an in-depth mathematical background, these elements are discussed from a developer's perspective, showing typical use-case examples and practical considerations related to the use of crypto, such as public key infrastructures. Security protocols in many areas of secure communication are introduced, with an in-depth discussion on the most widely-used protocol families such as IPSEC and SSL/TLS.
Typical crypto vulnerabilities are discussed both related to certain crypto algorithms and cryptographic protocols, such as BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, POODLE and similar, as well as the RSA timing attack. In each case, the practical considerations and potential consequences are described for each problem, again, without going into deep mathematical details.
Finally, as XML technology is central for data exchange by networked applications, the security aspects of XML are described. This includes the usage of XML within web services and SOAP messages alongside protection measures such as XML signature and XML encryption – as well as weaknesses in those protection measures and XML-specific security issues such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand the requirements of secure communication
Learn about network attacks and defenses at different OSI layers
Have a practical understanding of cryptography
Understand essential security protocols
Understand some recent attacks against cryptosystems
Get information about some recent related vulnerabilities
Understand security concepts of Web services
Get sources and further readings on secure coding practices
To serve in the best way heterogeneous development groups that are using various platforms simultaneously during their everyday work, we have merged various topics into a combined course that presents diverse secure coding subjects in didactic manner on a single training event. This course combines C/C++ and Java platform security to provide an extensive, cross-platform secure coding expertise.
Concerning C/C++, common security vulnerabilities are discussed, backed by practical exercises about the attacking methods that exploit these vulnerabilities, with the focus on the mitigation techniques that can be applied to prevent the occurrences of these dangerous bugs, detect them before market launch or prevent their exploitation.
Security components and service of Java are discussed by presenting the different APIs and tools through a number of practical exercises where participants can gain hands-on experience in using them. The course also covers security issues of web services and the related Java services that can be applied to prevent the most aching threats of the Internet based services. Finally, web- and Java-related security vulnerabilities are demonstrated by easy-to-understand exercises, which not only show the root cause of the problems, but also demonstrate the attack methods along with the recommended mitigation and coding techniques in order to avoid the associated security problems.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Realize the severe consequences of unsecure buffer handling
Understand the architectural protection techniques and their weaknesses
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities in various platforms, frameworks and libraries
Get sources and further readings on secure coding practices
Migrating to the cloud introduces immense benefits for companies and individuals in terms of efficiency and costs. With respect to security, the effects are quite diverse, but it is a common perception that using cloud services impacts security in a positive manner. Opinions, however, diverge many times even on defining who is responsible for ensuring the security of cloud resources.
Covering IaaS, PaaS and SaaS, first the security of the infrastructure is discussed: hardening and configuration issues as well as various solutions for authentication and authorization alongside identity management that should be at the core of all security architecture. This is followed by some basics regarding legal and contractual issues, namely how trust is established and governed in the cloud.
The journey through cloud security continues with understanding cloud-specific threats and the attackers’ goals and motivations as well as typical attack steps taken against cloud solutions. Special focus is also given to auditing the cloud and providing security evaluation of cloud solutions on all levels, including penetration testing and vulnerability analysis.
The focus of the course is on application security issues, dealing both with data security and the security of the applications themselves. From the standpoint of application security, cloud computing security is not substantially different from general software security, and therefore basically all OWASP-enlisted vulnerabilities are relevant in this domain as well. It is the set of threats and risks that makes the difference, and thus the training is concluded with the enumeration of various cloud-specific attack vectors connected to the weaknesses discussed beforehand.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand major threats and risks in the cloud domain
Learn about elementary cloud security solutions
Get information about the trust and the governance regarding the cloud
Have a practical understanding of cryptography
Get extensive knowledge in application security in the cloud
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Understand the challenges of auditing and evaluating cloud systems for security
Learn how to secure the cloud environment and infrastructure
Get sources and further readings on secure coding practices
This three day course covers the basics of securing the C/C++ code against the malicious users who may exploit many vulnerabilities in the code with memory management and input handling, the course cover the principals of writing secure code.
Even experienced Java programmers are not mastering by all means the various security services offered by Java, and are likewise not aware of the different vulnerabilities that are relevant for web applications written in Java.
The course – besides introducing security components of Standard Java Edition – deals with security issues of Java Enterprise Edition (JEE) and web services. Discussion of specific services is preceded with the foundations of cryptography and secure communication. Various exercises deal with declarative and programmatic security techniques in JEE, while both transport-layer and end-to-end security of web services is discussed. The use of all components is presented through several practical exercises, where participants can try out the discussed APIs and tools for themselves.
The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform and web-related vulnerabilities. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Understand security concepts of Web services
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Understand security solutions of Java EE
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices
Even experienced programmers do not master by all means the various security services offered by their development platforms, and are likewise not aware of the different vulnerabilities that are relevant for their developments. This course targets developers using both Java and PHP, providing them essential skills necessary to make their applications resistant to contemporary attacks through the Internet.
Levels of Java security architecture are walked through by tackling access control, authentication and authorization, secure communication and various cryptographic functions. Various APIs are also introduced that can be used to secure your code in PHP, like OpenSSL for cryptography or HTML Purifier for input validation. On server side, the best practices are given for hardening and configuring the operating system, the web container, the file system, the SQL server and the PHP itself, while a special focus is given to client-side security through security issues of JavaScript, Ajax and HTML5.
General web vulnerabilities are discussed by examples aligned to the OWASP Top Ten, showing various injection attacks, script injections, attacks against session handling, insecure direct object references, issues with file uploads, and many others. The various Java- and PHP-specific language problems and issues stemming from the runtime environment are introduced grouped into the standard vulnerability types of missing or improper input validation, improper use of security features, incorrect error and exception handling, time- and state-related problems, code quality issues and mobile code-related vulnerabilities.
Participants can try out the discussed APIs, tools and the effects of configurations for themselves, while the introduction of vulnerabilities are all supported by a number of hands-on exercises demonstrating the consequences of successful attacks, showing how to correct the bugs and apply mitigation techniques, and introducing the use of various extensions and tools.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Learn to use various security features of PHP
Understand security concepts of Web services
Get practical knowledge in using security testing tools
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities in Java and PHP frameworks and libraries
Get sources and further readings on secure coding practices
The Java language and the Runtime Environment (JRE) was designed to be free from the most problematic common security vulnerabilities experienced in other languages, like C/C++. Yet, software developers and architects should not only know how to use the various security features of the Java environment (positive security), but should also be aware of the numerous vulnerabilities that are still relevant for Java development (negative security).
The introduction of security services is preceded with a brief overview of the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of these components is presented through several practical exercises, where participants can try out the discussed APIs for themselves.
The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform, covering both the typical bugs committed by Java programmers and the language- and environment-specific issues. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get sources and further readings on secure coding practices
Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks.
General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.
The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of all components is presented through practical exercises, where participants can try out the discussed APIs and tools for themselves.
Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices
Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks.
General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.
The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. Security issues of Java Enterprise Edition are presented through various exercises explaining both declarative and programmatic security techniques in JEE.
Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Understand security concepts of Web services
Understand security solutions of Java EE
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices
As a developer, your duty is to write bulletproof code.
What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed? What if they could steal away your database and sell it on the black market?
This Web application security course will change the way you look at code. A hands-on training during which we will teach you all the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.
It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.
Delegates attending will:
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn about Node.js security
Learn about MongoDB security
Have a practical understanding of cryptography
Understand essential security protocols
Understand security concepts of Web services
Learn about JSON security
Get practical knowledge in using security testing techniques and tools
Learn how to handle vulnerabilities in the used platforms, frameworks and libraries
Get sources and further readings on secure coding practices
A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation.
The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more.
Introduction of different vulnerabilities starts with presenting some typical programming problems committed when using .NET, while the discussion of vulnerabilities of the ASP.NET also deals with various environment settings and their effects. Finally, the topic of ASP.NET-specific vulnerabilities not only deals with some general web application security challenges, but also with special issues and attack methods like attacking the ViewState, or the string termination attacks.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn to use various security features of the .NET development environment
Get practical knowledge in using security testing tools
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in .NET and ASP.NET
Get sources and further readings on secure coding practices
Beyond solid knowledge in using various security features of .NET and ASP.NET, even for experienced programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side along with the consequences of the various risks.
In this course the general web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of ASP.NET. A special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.
The course also deals with the security architecture and components of the .NET framework, including code- and role based access control, permission declaration and checking mechanisms and the transparency model. A brief introduction to the foundations of cryptography provides a common practical baseline for understanding the purpose and the operation of various algorithms, based on which the course presents the cryptographic features that can be used in .NET.
Introduction of different security bugs follows the well-established vulnerability categories, tackling input validation, security features, error handling, time- and state-related problems, the group of general code quality issues, and a special section on ASP.NET-specific vulnerabilities. These topics are concluded with an overview on testing tools that can be used to automatically reveal some of the learnt bugs.
Topics are presented through practical exercises where participants can try out the consequences of certain vulnerabilities, the mitigations, as well as the discussed APIs and tools for themselves.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the .NET development environment
Have a practical understanding of cryptography
Get information about some recent vulnerabilities in .NET and ASP.NET
Get practical knowledge in using security testing tools
Learn about typical coding mistakes and how to avoid them
Get sources and further readings on secure coding practices
The course introduces some common security concepts, gives an overview about the nature of the vulnerabilities regardless of the used programming languages and platforms, and explains how to handle the risks that apply regarding software security in the various phases of the software development lifecycle. Without going deeply into technical details, it highlights some of the most interesting and most aching vulnerabilities in various software development technologies, and presents the challenges of security testing, along with some techniques and tools that one can apply to find any existing problems in their code.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand Web vulnerabilities both on server and client side
Realize the severe consequences of unsecure buffer handling
Be informated about some recent vulnerabilities in development environments and frameworks
Learn about typical coding mistakes and how to avoid them
Understand security testing approaches and methodologies
A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation.
The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more. A special section is devoted to configuration and hardening of the .NET and ASP.NET environment for security.
A brief introduction to the foundations of cryptography provides a common practical baseline for understanding the purpose and the operation of various algorithms, based on which the course presents the cryptographic features that can be used in .NET. This is followed by the introduction of some recent crypto vulnerabilities both related to certain crypto algorithms and cryptographic protocols, as well as side-channel attacks.
Introduction of different vulnerabilities starts with presenting some typical programming problems committed when using .NET, including bug categories of input validation, error handling or race conditions. A special focus is given to XML security, while the topic of ASP.NET-specific vulnerabilities tackles some special issues and attack methods: like attacking the ViewState, or the string termination attacks.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn to use various security features of the .NET development environment
Have a practical understanding of cryptography
Understand some recent attacks against cryptosystems
Get information about some recent vulnerabilities in .NET and ASP.NET
Learn about typical coding mistakes and how to avoid them
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices
Basics of any programming language
Experience in developing applications
[overview] =>
This course will help professionals understand the value and limits of Application Security. While the Application Security Principals provides valuable awareness around some of the major risks in applications today, this course will highlight both the good and not so good.
This course is crucial because of the increasing need for developers to code in a secure manner. It is critical to introduce security as a quality component into the development cycle. This course aims at educating developers about various security vulnerabilities through hands-on practice using our purposely developed insecure web application.
[category_overview] =>
[outline] =>
Discuss the role of security in the software development lifecycle and how best to create secure applications
Recognize how these software security defects are exploited
Discuss discovery methods for these issues
Implement the practices that help prevent the most common mistakes and lead to more secure software
Android is an open platform for mobile devices such as handsets and tablets. It has a large variety of security features to make developing secure software easier; however, it is also missing certain security aspects that are present in other hand-held platforms. The course gives a comprehensive overview of these features, and points out the most critical shortcomings to be aware of related to the underlying Linux, the file system and the environment in general, as well as regarding using permissions and other Android software development components.
Typical security pitfalls and vulnerabilities are described both for native code and Java applications, along with recommendations and best practices to avoid and mitigate them. In many cases discussed issues are supported with real-life examples and case studies. Finally, we give a brief overview on how to use security testing tools to reveal any security relevant programming bugs.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn the security solutions on Android
Learn to use various security features of the Android platform
Get information about some recent vulnerabilities in Java on Android
Learn about typical coding mistakes and how to avoid them
Get understanding on native code vulnerabilities on Android
Realize the severe consequences of unsecure buffer handling in native code
Understand the architectural protection techniques and their weaknesses
Get sources and further readings on secure coding practices
Implementing a secure networked application can be difficult, even for developers who may have used various cryptographic building blocks (such as encryption and digital signatures) beforehand. In order to make the participants understand the role and usage of these cryptographic primitives, first a solid foundation on the main requirements of secure communication – secure acknowledgement, integrity, confidentiality, remote identification and anonymity – is given, while also presenting the typical problems that may damage these requirements along with real-world solutions.
As a critical aspect of network security is cryptography, the most important cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement are also discussed. Instead of presenting an in-depth mathematical background, these elements are discussed from a developer's perspective, showing typical use-case examples and practical considerations related to the use of crypto, such as public key infrastructures. Security protocols in many areas of secure communication are introduced, with an in-depth discussion on the most widely-used protocol families such as IPSEC and SSL/TLS.
Typical crypto vulnerabilities are discussed both related to certain crypto algorithms and cryptographic protocols, such as BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, POODLE and similar, as well as the RSA timing attack. In each case, the practical considerations and potential consequences are described for each problem, again, without going into deep mathematical details.
Finally, as XML technology is central for data exchange by networked applications, the security aspects of XML are described. This includes the usage of XML within web services and SOAP messages alongside protection measures such as XML signature and XML encryption – as well as weaknesses in those protection measures and XML-specific security issues such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand the requirements of secure communication
Learn about network attacks and defenses at different OSI layers
Have a practical understanding of cryptography
Understand essential security protocols
Understand some recent attacks against cryptosystems
Get information about some recent related vulnerabilities
Understand security concepts of Web services
Get sources and further readings on secure coding practices
To serve in the best way heterogeneous development groups that are using various platforms simultaneously during their everyday work, we have merged various topics into a combined course that presents diverse secure coding subjects in didactic manner on a single training event. This course combines C/C++ and Java platform security to provide an extensive, cross-platform secure coding expertise.
Concerning C/C++, common security vulnerabilities are discussed, backed by practical exercises about the attacking methods that exploit these vulnerabilities, with the focus on the mitigation techniques that can be applied to prevent the occurrences of these dangerous bugs, detect them before market launch or prevent their exploitation.
Security components and service of Java are discussed by presenting the different APIs and tools through a number of practical exercises where participants can gain hands-on experience in using them. The course also covers security issues of web services and the related Java services that can be applied to prevent the most aching threats of the Internet based services. Finally, web- and Java-related security vulnerabilities are demonstrated by easy-to-understand exercises, which not only show the root cause of the problems, but also demonstrate the attack methods along with the recommended mitigation and coding techniques in order to avoid the associated security problems.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Realize the severe consequences of unsecure buffer handling
Understand the architectural protection techniques and their weaknesses
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities in various platforms, frameworks and libraries
Get sources and further readings on secure coding practices
Migrating to the cloud introduces immense benefits for companies and individuals in terms of efficiency and costs. With respect to security, the effects are quite diverse, but it is a common perception that using cloud services impacts security in a positive manner. Opinions, however, diverge many times even on defining who is responsible for ensuring the security of cloud resources.
Covering IaaS, PaaS and SaaS, first the security of the infrastructure is discussed: hardening and configuration issues as well as various solutions for authentication and authorization alongside identity management that should be at the core of all security architecture. This is followed by some basics regarding legal and contractual issues, namely how trust is established and governed in the cloud.
The journey through cloud security continues with understanding cloud-specific threats and the attackers’ goals and motivations as well as typical attack steps taken against cloud solutions. Special focus is also given to auditing the cloud and providing security evaluation of cloud solutions on all levels, including penetration testing and vulnerability analysis.
The focus of the course is on application security issues, dealing both with data security and the security of the applications themselves. From the standpoint of application security, cloud computing security is not substantially different from general software security, and therefore basically all OWASP-enlisted vulnerabilities are relevant in this domain as well. It is the set of threats and risks that makes the difference, and thus the training is concluded with the enumeration of various cloud-specific attack vectors connected to the weaknesses discussed beforehand.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand major threats and risks in the cloud domain
Learn about elementary cloud security solutions
Get information about the trust and the governance regarding the cloud
Have a practical understanding of cryptography
Get extensive knowledge in application security in the cloud
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Understand the challenges of auditing and evaluating cloud systems for security
Learn how to secure the cloud environment and infrastructure
Get sources and further readings on secure coding practices
This three day course covers the basics of securing the C/C++ code against the malicious users who may exploit many vulnerabilities in the code with memory management and input handling, the course cover the principals of writing secure code.
Even experienced Java programmers are not mastering by all means the various security services offered by Java, and are likewise not aware of the different vulnerabilities that are relevant for web applications written in Java.
The course – besides introducing security components of Standard Java Edition – deals with security issues of Java Enterprise Edition (JEE) and web services. Discussion of specific services is preceded with the foundations of cryptography and secure communication. Various exercises deal with declarative and programmatic security techniques in JEE, while both transport-layer and end-to-end security of web services is discussed. The use of all components is presented through several practical exercises, where participants can try out the discussed APIs and tools for themselves.
The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform and web-related vulnerabilities. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Understand security concepts of Web services
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Understand security solutions of Java EE
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices
Even experienced programmers do not master by all means the various security services offered by their development platforms, and are likewise not aware of the different vulnerabilities that are relevant for their developments. This course targets developers using both Java and PHP, providing them essential skills necessary to make their applications resistant to contemporary attacks through the Internet.
Levels of Java security architecture are walked through by tackling access control, authentication and authorization, secure communication and various cryptographic functions. Various APIs are also introduced that can be used to secure your code in PHP, like OpenSSL for cryptography or HTML Purifier for input validation. On server side, the best practices are given for hardening and configuring the operating system, the web container, the file system, the SQL server and the PHP itself, while a special focus is given to client-side security through security issues of JavaScript, Ajax and HTML5.
General web vulnerabilities are discussed by examples aligned to the OWASP Top Ten, showing various injection attacks, script injections, attacks against session handling, insecure direct object references, issues with file uploads, and many others. The various Java- and PHP-specific language problems and issues stemming from the runtime environment are introduced grouped into the standard vulnerability types of missing or improper input validation, improper use of security features, incorrect error and exception handling, time- and state-related problems, code quality issues and mobile code-related vulnerabilities.
Participants can try out the discussed APIs, tools and the effects of configurations for themselves, while the introduction of vulnerabilities are all supported by a number of hands-on exercises demonstrating the consequences of successful attacks, showing how to correct the bugs and apply mitigation techniques, and introducing the use of various extensions and tools.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Learn to use various security features of PHP
Understand security concepts of Web services
Get practical knowledge in using security testing tools
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities in Java and PHP frameworks and libraries
Get sources and further readings on secure coding practices
The Java language and the Runtime Environment (JRE) was designed to be free from the most problematic common security vulnerabilities experienced in other languages, like C/C++. Yet, software developers and architects should not only know how to use the various security features of the Java environment (positive security), but should also be aware of the numerous vulnerabilities that are still relevant for Java development (negative security).
The introduction of security services is preceded with a brief overview of the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of these components is presented through several practical exercises, where participants can try out the discussed APIs for themselves.
The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform, covering both the typical bugs committed by Java programmers and the language- and environment-specific issues. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get sources and further readings on secure coding practices
Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks.
General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.
The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of all components is presented through practical exercises, where participants can try out the discussed APIs and tools for themselves.
Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices
Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks.
General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.
The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. Security issues of Java Enterprise Edition are presented through various exercises explaining both declarative and programmatic security techniques in JEE.
Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Understand security concepts of Web services
Understand security solutions of Java EE
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices
Audience
Developers
[category_overview] =>
[outline] =>
IT security and secure coding
Web application security
Client-side security
Client-side security
Foundations of Java security
Practical cryptography
Java security services
Security of Web services
XML security
JSON security
Java EE security
Common coding errors and vulnerabilities
Principles of security and secure coding
Knowledge sources
[language] => en
[duration] => 28
[status] => published
[changed] => 1700037228
[source_title] => Advanced Java, JEE and Web Application Security
[source_language] => en
[cert_code] =>
[weight] => 0
[excluded_sites] =>
[use_mt] => stdClass Object
(
[field_overview] =>
[field_course_outline] =>
[field_prerequisits] =>
[field_overview_in_category] =>
)
[cc] => cl-jwe
)
[cl-njs] => stdClass Object
(
[course_code] => cl-njs
[hr_nid] => 200321
[title] => Node.JS and Web Application Security
[requirements] =>
Basic Web application development
[overview] =>
As a developer, your duty is to write bulletproof code.
What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed? What if they could steal away your database and sell it on the black market?
This Web application security course will change the way you look at code. A hands-on training during which we will teach you all the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.
It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.
Delegates attending will:
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn about Node.js security
Learn about MongoDB security
Have a practical understanding of cryptography
Understand essential security protocols
Understand security concepts of Web services
Learn about JSON security
Get practical knowledge in using security testing techniques and tools
Learn how to handle vulnerabilities in the used platforms, frameworks and libraries
Get sources and further readings on secure coding practices
[category_overview] =>
[outline] =>
IT security and secure coding
Web application security
Client-side security
Node.js security
Practical cryptography
Security protocols
Denial of service
Security of Web services
JSON security
Other typical programming mistakes
Security testing
Deployment environment
Knowledge sources
[language] => en
[duration] => 21
[status] => published
[changed] => 1700037257
[source_title] => Node.JS and Web Application Security
[source_language] => en
[cert_code] =>
[weight] => 0
[excluded_sites] =>
[use_mt] => stdClass Object
(
[field_overview] =>
[field_course_outline] =>
[field_prerequisits] =>
[field_overview_in_category] =>
)
[cc] => cl-njs
)
[cl-nsc] => stdClass Object
(
[course_code] => cl-nsc
[hr_nid] => 154857
[title] => .NET, C# and ASP.NET Security Development
[requirements] =>
[overview] =>
A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation.
The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more.
Introduction of different vulnerabilities starts with presenting some typical programming problems committed when using .NET, while the discussion of vulnerabilities of the ASP.NET also deals with various environment settings and their effects. Finally, the topic of ASP.NET-specific vulnerabilities not only deals with some general web application security challenges, but also with special issues and attack methods like attacking the ViewState, or the string termination attacks.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn to use various security features of the .NET development environment
Get practical knowledge in using security testing tools
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in .NET and ASP.NET
Get sources and further readings on secure coding practices
Audience
Developers
[category_overview] =>
[outline] =>
IT security and secure coding
Web application security
.NET security architecture and services
Common coding errors and vulnerabilities
Knowledge sources
[language] => en
[duration] => 14
[status] => published
[changed] => 1700037228
[source_title] => .NET, C# and ASP.NET Security Development
[source_language] => en
[cert_code] =>
[weight] => 0
[excluded_sites] =>
[use_mt] => stdClass Object
(
[field_overview] =>
[field_course_outline] =>
[field_prerequisits] =>
[field_overview_in_category] =>
)
[cc] => cl-nsc
)
[cl-nwa] => stdClass Object
(
[course_code] => cl-nwa
[hr_nid] => 154873
[title] => Advanced C#, ASP.NET and Web Application Security
[requirements] =>
[overview] =>
Beyond solid knowledge in using various security features of .NET and ASP.NET, even for experienced programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side along with the consequences of the various risks.
In this course the general web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of ASP.NET. A special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.
The course also deals with the security architecture and components of the .NET framework, including code- and role based access control, permission declaration and checking mechanisms and the transparency model. A brief introduction to the foundations of cryptography provides a common practical baseline for understanding the purpose and the operation of various algorithms, based on which the course presents the cryptographic features that can be used in .NET.
Introduction of different security bugs follows the well-established vulnerability categories, tackling input validation, security features, error handling, time- and state-related problems, the group of general code quality issues, and a special section on ASP.NET-specific vulnerabilities. These topics are concluded with an overview on testing tools that can be used to automatically reveal some of the learnt bugs.
Topics are presented through practical exercises where participants can try out the consequences of certain vulnerabilities, the mitigations, as well as the discussed APIs and tools for themselves.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the .NET development environment
Have a practical understanding of cryptography
Get information about some recent vulnerabilities in .NET and ASP.NET
Get practical knowledge in using security testing tools
Learn about typical coding mistakes and how to avoid them
Get sources and further readings on secure coding practices
Audience
Developers
[category_overview] =>
[outline] =>
IT security and secure coding
Web application security
Client-side security
Client-side security
.NET security architecture and services
Practical cryptography
ASP.NET security architecture
Common coding errors and vulnerabilities
Principles of security and secure coding
Knowledge sources
[language] => en
[duration] => 21
[status] => published
[changed] => 1700037229
[source_title] => Advanced C#, ASP.NET and Web Application Security
[source_language] => en
[cert_code] =>
[weight] => 0
[excluded_sites] =>
[use_mt] => stdClass Object
(
[field_overview] =>
[field_course_outline] =>
[field_prerequisits] =>
[field_overview_in_category] =>
)
[cc] => cl-nwa
)
[cl-osc] => stdClass Object
(
[course_code] => cl-osc
[hr_nid] => 155025
[title] => The Secure Coding Landscape
[requirements] =>
[overview] =>
The course introduces some common security concepts, gives an overview about the nature of the vulnerabilities regardless of the used programming languages and platforms, and explains how to handle the risks that apply regarding software security in the various phases of the software development lifecycle. Without going deeply into technical details, it highlights some of the most interesting and most aching vulnerabilities in various software development technologies, and presents the challenges of security testing, along with some techniques and tools that one can apply to find any existing problems in their code.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand Web vulnerabilities both on server and client side
Realize the severe consequences of unsecure buffer handling
Be informated about some recent vulnerabilities in development environments and frameworks
Learn about typical coding mistakes and how to avoid them
Understand security testing approaches and methodologies
Audience
Managers
[category_overview] =>
[outline] =>
Agenda
Introduction
IT security and secure coding
Security challenges of various platforms – highlights –
A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation.
The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more. A special section is devoted to configuration and hardening of the .NET and ASP.NET environment for security.
A brief introduction to the foundations of cryptography provides a common practical baseline for understanding the purpose and the operation of various algorithms, based on which the course presents the cryptographic features that can be used in .NET. This is followed by the introduction of some recent crypto vulnerabilities both related to certain crypto algorithms and cryptographic protocols, as well as side-channel attacks.
Introduction of different vulnerabilities starts with presenting some typical programming problems committed when using .NET, including bug categories of input validation, error handling or race conditions. A special focus is given to XML security, while the topic of ASP.NET-specific vulnerabilities tackles some special issues and attack methods: like attacking the ViewState, or the string termination attacks.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn to use various security features of the .NET development environment
Have a practical understanding of cryptography
Understand some recent attacks against cryptosystems
Get information about some recent vulnerabilities in .NET and ASP.NET
Learn about typical coding mistakes and how to avoid them
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices
Basics of any programming language
Experience in developing applications
[overview] =>
This course will help professionals understand the value and limits of Application Security. While the Application Security Principals provides valuable awareness around some of the major risks in applications today, this course will highlight both the good and not so good.
This course is crucial because of the increasing need for developers to code in a secure manner. It is critical to introduce security as a quality component into the development cycle. This course aims at educating developers about various security vulnerabilities through hands-on practice using our purposely developed insecure web application.
[category_overview] =>
[outline] =>
Discuss the role of security in the software development lifecycle and how best to create secure applications
Recognize how these software security defects are exploited
Discuss discovery methods for these issues
Implement the practices that help prevent the most common mistakes and lead to more secure software
Android is an open platform for mobile devices such as handsets and tablets. It has a large variety of security features to make developing secure software easier; however, it is also missing certain security aspects that are present in other hand-held platforms. The course gives a comprehensive overview of these features, and points out the most critical shortcomings to be aware of related to the underlying Linux, the file system and the environment in general, as well as regarding using permissions and other Android software development components.
Typical security pitfalls and vulnerabilities are described both for native code and Java applications, along with recommendations and best practices to avoid and mitigate them. In many cases discussed issues are supported with real-life examples and case studies. Finally, we give a brief overview on how to use security testing tools to reveal any security relevant programming bugs.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn the security solutions on Android
Learn to use various security features of the Android platform
Get information about some recent vulnerabilities in Java on Android
Learn about typical coding mistakes and how to avoid them
Get understanding on native code vulnerabilities on Android
Realize the severe consequences of unsecure buffer handling in native code
Understand the architectural protection techniques and their weaknesses
Get sources and further readings on secure coding practices
Implementing a secure networked application can be difficult, even for developers who may have used various cryptographic building blocks (such as encryption and digital signatures) beforehand. In order to make the participants understand the role and usage of these cryptographic primitives, first a solid foundation on the main requirements of secure communication – secure acknowledgement, integrity, confidentiality, remote identification and anonymity – is given, while also presenting the typical problems that may damage these requirements along with real-world solutions.
As a critical aspect of network security is cryptography, the most important cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement are also discussed. Instead of presenting an in-depth mathematical background, these elements are discussed from a developer's perspective, showing typical use-case examples and practical considerations related to the use of crypto, such as public key infrastructures. Security protocols in many areas of secure communication are introduced, with an in-depth discussion on the most widely-used protocol families such as IPSEC and SSL/TLS.
Typical crypto vulnerabilities are discussed both related to certain crypto algorithms and cryptographic protocols, such as BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, POODLE and similar, as well as the RSA timing attack. In each case, the practical considerations and potential consequences are described for each problem, again, without going into deep mathematical details.
Finally, as XML technology is central for data exchange by networked applications, the security aspects of XML are described. This includes the usage of XML within web services and SOAP messages alongside protection measures such as XML signature and XML encryption – as well as weaknesses in those protection measures and XML-specific security issues such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand the requirements of secure communication
Learn about network attacks and defenses at different OSI layers
Have a practical understanding of cryptography
Understand essential security protocols
Understand some recent attacks against cryptosystems
Get information about some recent related vulnerabilities
Understand security concepts of Web services
Get sources and further readings on secure coding practices
To serve in the best way heterogeneous development groups that are using various platforms simultaneously during their everyday work, we have merged various topics into a combined course that presents diverse secure coding subjects in didactic manner on a single training event. This course combines C/C++ and Java platform security to provide an extensive, cross-platform secure coding expertise.
Concerning C/C++, common security vulnerabilities are discussed, backed by practical exercises about the attacking methods that exploit these vulnerabilities, with the focus on the mitigation techniques that can be applied to prevent the occurrences of these dangerous bugs, detect them before market launch or prevent their exploitation.
Security components and service of Java are discussed by presenting the different APIs and tools through a number of practical exercises where participants can gain hands-on experience in using them. The course also covers security issues of web services and the related Java services that can be applied to prevent the most aching threats of the Internet based services. Finally, web- and Java-related security vulnerabilities are demonstrated by easy-to-understand exercises, which not only show the root cause of the problems, but also demonstrate the attack methods along with the recommended mitigation and coding techniques in order to avoid the associated security problems.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Realize the severe consequences of unsecure buffer handling
Understand the architectural protection techniques and their weaknesses
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities in various platforms, frameworks and libraries
Get sources and further readings on secure coding practices
Migrating to the cloud introduces immense benefits for companies and individuals in terms of efficiency and costs. With respect to security, the effects are quite diverse, but it is a common perception that using cloud services impacts security in a positive manner. Opinions, however, diverge many times even on defining who is responsible for ensuring the security of cloud resources.
Covering IaaS, PaaS and SaaS, first the security of the infrastructure is discussed: hardening and configuration issues as well as various solutions for authentication and authorization alongside identity management that should be at the core of all security architecture. This is followed by some basics regarding legal and contractual issues, namely how trust is established and governed in the cloud.
The journey through cloud security continues with understanding cloud-specific threats and the attackers’ goals and motivations as well as typical attack steps taken against cloud solutions. Special focus is also given to auditing the cloud and providing security evaluation of cloud solutions on all levels, including penetration testing and vulnerability analysis.
The focus of the course is on application security issues, dealing both with data security and the security of the applications themselves. From the standpoint of application security, cloud computing security is not substantially different from general software security, and therefore basically all OWASP-enlisted vulnerabilities are relevant in this domain as well. It is the set of threats and risks that makes the difference, and thus the training is concluded with the enumeration of various cloud-specific attack vectors connected to the weaknesses discussed beforehand.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand major threats and risks in the cloud domain
Learn about elementary cloud security solutions
Get information about the trust and the governance regarding the cloud
Have a practical understanding of cryptography
Get extensive knowledge in application security in the cloud
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Understand the challenges of auditing and evaluating cloud systems for security
Learn how to secure the cloud environment and infrastructure
Get sources and further readings on secure coding practices
This three day course covers the basics of securing the C/C++ code against the malicious users who may exploit many vulnerabilities in the code with memory management and input handling, the course cover the principals of writing secure code.
Even experienced Java programmers are not mastering by all means the various security services offered by Java, and are likewise not aware of the different vulnerabilities that are relevant for web applications written in Java.
The course – besides introducing security components of Standard Java Edition – deals with security issues of Java Enterprise Edition (JEE) and web services. Discussion of specific services is preceded with the foundations of cryptography and secure communication. Various exercises deal with declarative and programmatic security techniques in JEE, while both transport-layer and end-to-end security of web services is discussed. The use of all components is presented through several practical exercises, where participants can try out the discussed APIs and tools for themselves.
The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform and web-related vulnerabilities. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Understand security concepts of Web services
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Understand security solutions of Java EE
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices
Even experienced programmers do not master by all means the various security services offered by their development platforms, and are likewise not aware of the different vulnerabilities that are relevant for their developments. This course targets developers using both Java and PHP, providing them essential skills necessary to make their applications resistant to contemporary attacks through the Internet.
Levels of Java security architecture are walked through by tackling access control, authentication and authorization, secure communication and various cryptographic functions. Various APIs are also introduced that can be used to secure your code in PHP, like OpenSSL for cryptography or HTML Purifier for input validation. On server side, the best practices are given for hardening and configuring the operating system, the web container, the file system, the SQL server and the PHP itself, while a special focus is given to client-side security through security issues of JavaScript, Ajax and HTML5.
General web vulnerabilities are discussed by examples aligned to the OWASP Top Ten, showing various injection attacks, script injections, attacks against session handling, insecure direct object references, issues with file uploads, and many others. The various Java- and PHP-specific language problems and issues stemming from the runtime environment are introduced grouped into the standard vulnerability types of missing or improper input validation, improper use of security features, incorrect error and exception handling, time- and state-related problems, code quality issues and mobile code-related vulnerabilities.
Participants can try out the discussed APIs, tools and the effects of configurations for themselves, while the introduction of vulnerabilities are all supported by a number of hands-on exercises demonstrating the consequences of successful attacks, showing how to correct the bugs and apply mitigation techniques, and introducing the use of various extensions and tools.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Learn to use various security features of PHP
Understand security concepts of Web services
Get practical knowledge in using security testing tools
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities in Java and PHP frameworks and libraries
Get sources and further readings on secure coding practices
The Java language and the Runtime Environment (JRE) was designed to be free from the most problematic common security vulnerabilities experienced in other languages, like C/C++. Yet, software developers and architects should not only know how to use the various security features of the Java environment (positive security), but should also be aware of the numerous vulnerabilities that are still relevant for Java development (negative security).
The introduction of security services is preceded with a brief overview of the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of these components is presented through several practical exercises, where participants can try out the discussed APIs for themselves.
The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform, covering both the typical bugs committed by Java programmers and the language- and environment-specific issues. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get sources and further readings on secure coding practices
Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks.
General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.
The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of all components is presented through practical exercises, where participants can try out the discussed APIs and tools for themselves.
Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices
Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks.
General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.
The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. Security issues of Java Enterprise Edition are presented through various exercises explaining both declarative and programmatic security techniques in JEE.
Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Understand security concepts of Web services
Understand security solutions of Java EE
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices
Audience
Developers
[category_overview] =>
[outline] =>
IT security and secure coding
Web application security
Client-side security
Client-side security
Foundations of Java security
Practical cryptography
Java security services
Security of Web services
XML security
JSON security
Java EE security
Common coding errors and vulnerabilities
Principles of security and secure coding
Knowledge sources
[language] => en
[duration] => 28
[status] => published
[changed] => 1700037228
[source_title] => Advanced Java, JEE and Web Application Security
[source_language] => en
[cert_code] =>
[weight] => 0
[excluded_sites] =>
[use_mt] => stdClass Object
(
[field_overview] =>
[field_course_outline] =>
[field_prerequisits] =>
[field_overview_in_category] =>
)
[cc] => cl-jwe
)
[cl-njs] => stdClass Object
(
[course_code] => cl-njs
[hr_nid] => 200321
[title] => Node.JS and Web Application Security
[requirements] =>
Basic Web application development
[overview] =>
As a developer, your duty is to write bulletproof code.
What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed? What if they could steal away your database and sell it on the black market?
This Web application security course will change the way you look at code. A hands-on training during which we will teach you all the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.
It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.
Delegates attending will:
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn about Node.js security
Learn about MongoDB security
Have a practical understanding of cryptography
Understand essential security protocols
Understand security concepts of Web services
Learn about JSON security
Get practical knowledge in using security testing techniques and tools
Learn how to handle vulnerabilities in the used platforms, frameworks and libraries
Get sources and further readings on secure coding practices
[category_overview] =>
[outline] =>
IT security and secure coding
Web application security
Client-side security
Node.js security
Practical cryptography
Security protocols
Denial of service
Security of Web services
JSON security
Other typical programming mistakes
Security testing
Deployment environment
Knowledge sources
[language] => en
[duration] => 21
[status] => published
[changed] => 1700037257
[source_title] => Node.JS and Web Application Security
[source_language] => en
[cert_code] =>
[weight] => 0
[excluded_sites] =>
[use_mt] => stdClass Object
(
[field_overview] =>
[field_course_outline] =>
[field_prerequisits] =>
[field_overview_in_category] =>
)
[cc] => cl-njs
)
[cl-nsc] => stdClass Object
(
[course_code] => cl-nsc
[hr_nid] => 154857
[title] => .NET, C# and ASP.NET Security Development
[requirements] =>
[overview] =>
A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation.
The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more.
Introduction of different vulnerabilities starts with presenting some typical programming problems committed when using .NET, while the discussion of vulnerabilities of the ASP.NET also deals with various environment settings and their effects. Finally, the topic of ASP.NET-specific vulnerabilities not only deals with some general web application security challenges, but also with special issues and attack methods like attacking the ViewState, or the string termination attacks.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn to use various security features of the .NET development environment
Get practical knowledge in using security testing tools
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in .NET and ASP.NET
Get sources and further readings on secure coding practices
Audience
Developers
[category_overview] =>
[outline] =>
IT security and secure coding
Web application security
.NET security architecture and services
Common coding errors and vulnerabilities
Knowledge sources
[language] => en
[duration] => 14
[status] => published
[changed] => 1700037228
[source_title] => .NET, C# and ASP.NET Security Development
[source_language] => en
[cert_code] =>
[weight] => 0
[excluded_sites] =>
[use_mt] => stdClass Object
(
[field_overview] =>
[field_course_outline] =>
[field_prerequisits] =>
[field_overview_in_category] =>
)
[cc] => cl-nsc
)
[cl-nwa] => stdClass Object
(
[course_code] => cl-nwa
[hr_nid] => 154873
[title] => Advanced C#, ASP.NET and Web Application Security
[requirements] =>
[overview] =>
Beyond solid knowledge in using various security features of .NET and ASP.NET, even for experienced programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side along with the consequences of the various risks.
In this course the general web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of ASP.NET. A special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.
The course also deals with the security architecture and components of the .NET framework, including code- and role based access control, permission declaration and checking mechanisms and the transparency model. A brief introduction to the foundations of cryptography provides a common practical baseline for understanding the purpose and the operation of various algorithms, based on which the course presents the cryptographic features that can be used in .NET.
Introduction of different security bugs follows the well-established vulnerability categories, tackling input validation, security features, error handling, time- and state-related problems, the group of general code quality issues, and a special section on ASP.NET-specific vulnerabilities. These topics are concluded with an overview on testing tools that can be used to automatically reveal some of the learnt bugs.
Topics are presented through practical exercises where participants can try out the consequences of certain vulnerabilities, the mitigations, as well as the discussed APIs and tools for themselves.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the .NET development environment
Have a practical understanding of cryptography
Get information about some recent vulnerabilities in .NET and ASP.NET
Get practical knowledge in using security testing tools
Learn about typical coding mistakes and how to avoid them
Get sources and further readings on secure coding practices
Audience
Developers
[category_overview] =>
[outline] =>
IT security and secure coding
Web application security
Client-side security
Client-side security
.NET security architecture and services
Practical cryptography
ASP.NET security architecture
Common coding errors and vulnerabilities
Principles of security and secure coding
Knowledge sources
[language] => en
[duration] => 21
[status] => published
[changed] => 1700037229
[source_title] => Advanced C#, ASP.NET and Web Application Security
[source_language] => en
[cert_code] =>
[weight] => 0
[excluded_sites] =>
[use_mt] => stdClass Object
(
[field_overview] =>
[field_course_outline] =>
[field_prerequisits] =>
[field_overview_in_category] =>
)
[cc] => cl-nwa
)
[cl-osc] => stdClass Object
(
[course_code] => cl-osc
[hr_nid] => 155025
[title] => The Secure Coding Landscape
[requirements] =>
[overview] =>
The course introduces some common security concepts, gives an overview about the nature of the vulnerabilities regardless of the used programming languages and platforms, and explains how to handle the risks that apply regarding software security in the various phases of the software development lifecycle. Without going deeply into technical details, it highlights some of the most interesting and most aching vulnerabilities in various software development technologies, and presents the challenges of security testing, along with some techniques and tools that one can apply to find any existing problems in their code.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand Web vulnerabilities both on server and client side
Realize the severe consequences of unsecure buffer handling
Be informated about some recent vulnerabilities in development environments and frameworks
Learn about typical coding mistakes and how to avoid them
Understand security testing approaches and methodologies
Audience
Managers
[category_overview] =>
[outline] =>
Agenda
Introduction
IT security and secure coding
Security challenges of various platforms – highlights –
A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation.
The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more. A special section is devoted to configuration and hardening of the .NET and ASP.NET environment for security.
A brief introduction to the foundations of cryptography provides a common practical baseline for understanding the purpose and the operation of various algorithms, based on which the course presents the cryptographic features that can be used in .NET. This is followed by the introduction of some recent crypto vulnerabilities both related to certain crypto algorithms and cryptographic protocols, as well as side-channel attacks.
Introduction of different vulnerabilities starts with presenting some typical programming problems committed when using .NET, including bug categories of input validation, error handling or race conditions. A special focus is given to XML security, while the topic of ASP.NET-specific vulnerabilities tackles some special issues and attack methods: like attacking the ViewState, or the string termination attacks.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn to use various security features of the .NET development environment
Have a practical understanding of cryptography
Understand some recent attacks against cryptosystems
Get information about some recent vulnerabilities in .NET and ASP.NET
Learn about typical coding mistakes and how to avoid them
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices
Basics of any programming language
Experience in developing applications
[overview] =>
This course will help professionals understand the value and limits of Application Security. While the Application Security Principals provides valuable awareness around some of the major risks in applications today, this course will highlight both the good and not so good.
This course is crucial because of the increasing need for developers to code in a secure manner. It is critical to introduce security as a quality component into the development cycle. This course aims at educating developers about various security vulnerabilities through hands-on practice using our purposely developed insecure web application.
[category_overview] =>
[outline] =>
Discuss the role of security in the software development lifecycle and how best to create secure applications
Recognize how these software security defects are exploited
Discuss discovery methods for these issues
Implement the practices that help prevent the most common mistakes and lead to more secure software
Android is an open platform for mobile devices such as handsets and tablets. It has a large variety of security features to make developing secure software easier; however, it is also missing certain security aspects that are present in other hand-held platforms. The course gives a comprehensive overview of these features, and points out the most critical shortcomings to be aware of related to the underlying Linux, the file system and the environment in general, as well as regarding using permissions and other Android software development components.
Typical security pitfalls and vulnerabilities are described both for native code and Java applications, along with recommendations and best practices to avoid and mitigate them. In many cases discussed issues are supported with real-life examples and case studies. Finally, we give a brief overview on how to use security testing tools to reveal any security relevant programming bugs.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn the security solutions on Android
Learn to use various security features of the Android platform
Get information about some recent vulnerabilities in Java on Android
Learn about typical coding mistakes and how to avoid them
Get understanding on native code vulnerabilities on Android
Realize the severe consequences of unsecure buffer handling in native code
Understand the architectural protection techniques and their weaknesses
Get sources and further readings on secure coding practices
Implementing a secure networked application can be difficult, even for developers who may have used various cryptographic building blocks (such as encryption and digital signatures) beforehand. In order to make the participants understand the role and usage of these cryptographic primitives, first a solid foundation on the main requirements of secure communication – secure acknowledgement, integrity, confidentiality, remote identification and anonymity – is given, while also presenting the typical problems that may damage these requirements along with real-world solutions.
As a critical aspect of network security is cryptography, the most important cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement are also discussed. Instead of presenting an in-depth mathematical background, these elements are discussed from a developer's perspective, showing typical use-case examples and practical considerations related to the use of crypto, such as public key infrastructures. Security protocols in many areas of secure communication are introduced, with an in-depth discussion on the most widely-used protocol families such as IPSEC and SSL/TLS.
Typical crypto vulnerabilities are discussed both related to certain crypto algorithms and cryptographic protocols, such as BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, POODLE and similar, as well as the RSA timing attack. In each case, the practical considerations and potential consequences are described for each problem, again, without going into deep mathematical details.
Finally, as XML technology is central for data exchange by networked applications, the security aspects of XML are described. This includes the usage of XML within web services and SOAP messages alongside protection measures such as XML signature and XML encryption – as well as weaknesses in those protection measures and XML-specific security issues such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand the requirements of secure communication
Learn about network attacks and defenses at different OSI layers
Have a practical understanding of cryptography
Understand essential security protocols
Understand some recent attacks against cryptosystems
Get information about some recent related vulnerabilities
Understand security concepts of Web services
Get sources and further readings on secure coding practices
To serve in the best way heterogeneous development groups that are using various platforms simultaneously during their everyday work, we have merged various topics into a combined course that presents diverse secure coding subjects in didactic manner on a single training event. This course combines C/C++ and Java platform security to provide an extensive, cross-platform secure coding expertise.
Concerning C/C++, common security vulnerabilities are discussed, backed by practical exercises about the attacking methods that exploit these vulnerabilities, with the focus on the mitigation techniques that can be applied to prevent the occurrences of these dangerous bugs, detect them before market launch or prevent their exploitation.
Security components and service of Java are discussed by presenting the different APIs and tools through a number of practical exercises where participants can gain hands-on experience in using them. The course also covers security issues of web services and the related Java services that can be applied to prevent the most aching threats of the Internet based services. Finally, web- and Java-related security vulnerabilities are demonstrated by easy-to-understand exercises, which not only show the root cause of the problems, but also demonstrate the attack methods along with the recommended mitigation and coding techniques in order to avoid the associated security problems.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Realize the severe consequences of unsecure buffer handling
Understand the architectural protection techniques and their weaknesses
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities in various platforms, frameworks and libraries
Get sources and further readings on secure coding practices
Migrating to the cloud introduces immense benefits for companies and individuals in terms of efficiency and costs. With respect to security, the effects are quite diverse, but it is a common perception that using cloud services impacts security in a positive manner. Opinions, however, diverge many times even on defining who is responsible for ensuring the security of cloud resources.
Covering IaaS, PaaS and SaaS, first the security of the infrastructure is discussed: hardening and configuration issues as well as various solutions for authentication and authorization alongside identity management that should be at the core of all security architecture. This is followed by some basics regarding legal and contractual issues, namely how trust is established and governed in the cloud.
The journey through cloud security continues with understanding cloud-specific threats and the attackers’ goals and motivations as well as typical attack steps taken against cloud solutions. Special focus is also given to auditing the cloud and providing security evaluation of cloud solutions on all levels, including penetration testing and vulnerability analysis.
The focus of the course is on application security issues, dealing both with data security and the security of the applications themselves. From the standpoint of application security, cloud computing security is not substantially different from general software security, and therefore basically all OWASP-enlisted vulnerabilities are relevant in this domain as well. It is the set of threats and risks that makes the difference, and thus the training is concluded with the enumeration of various cloud-specific attack vectors connected to the weaknesses discussed beforehand.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand major threats and risks in the cloud domain
Learn about elementary cloud security solutions
Get information about the trust and the governance regarding the cloud
Have a practical understanding of cryptography
Get extensive knowledge in application security in the cloud
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Understand the challenges of auditing and evaluating cloud systems for security
Learn how to secure the cloud environment and infrastructure
Get sources and further readings on secure coding practices
This three day course covers the basics of securing the C/C++ code against the malicious users who may exploit many vulnerabilities in the code with memory management and input handling, the course cover the principals of writing secure code.
Even experienced Java programmers are not mastering by all means the various security services offered by Java, and are likewise not aware of the different vulnerabilities that are relevant for web applications written in Java.
The course – besides introducing security components of Standard Java Edition – deals with security issues of Java Enterprise Edition (JEE) and web services. Discussion of specific services is preceded with the foundations of cryptography and secure communication. Various exercises deal with declarative and programmatic security techniques in JEE, while both transport-layer and end-to-end security of web services is discussed. The use of all components is presented through several practical exercises, where participants can try out the discussed APIs and tools for themselves.
The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform and web-related vulnerabilities. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Understand security concepts of Web services
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Understand security solutions of Java EE
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices
Even experienced programmers do not master by all means the various security services offered by their development platforms, and are likewise not aware of the different vulnerabilities that are relevant for their developments. This course targets developers using both Java and PHP, providing them essential skills necessary to make their applications resistant to contemporary attacks through the Internet.
Levels of Java security architecture are walked through by tackling access control, authentication and authorization, secure communication and various cryptographic functions. Various APIs are also introduced that can be used to secure your code in PHP, like OpenSSL for cryptography or HTML Purifier for input validation. On server side, the best practices are given for hardening and configuring the operating system, the web container, the file system, the SQL server and the PHP itself, while a special focus is given to client-side security through security issues of JavaScript, Ajax and HTML5.
General web vulnerabilities are discussed by examples aligned to the OWASP Top Ten, showing various injection attacks, script injections, attacks against session handling, insecure direct object references, issues with file uploads, and many others. The various Java- and PHP-specific language problems and issues stemming from the runtime environment are introduced grouped into the standard vulnerability types of missing or improper input validation, improper use of security features, incorrect error and exception handling, time- and state-related problems, code quality issues and mobile code-related vulnerabilities.
Participants can try out the discussed APIs, tools and the effects of configurations for themselves, while the introduction of vulnerabilities are all supported by a number of hands-on exercises demonstrating the consequences of successful attacks, showing how to correct the bugs and apply mitigation techniques, and introducing the use of various extensions and tools.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Learn to use various security features of PHP
Understand security concepts of Web services
Get practical knowledge in using security testing tools
Learn about typical coding mistakes and how to avoid them
Be informed about recent vulnerabilities in Java and PHP frameworks and libraries
Get sources and further readings on secure coding practices
The Java language and the Runtime Environment (JRE) was designed to be free from the most problematic common security vulnerabilities experienced in other languages, like C/C++. Yet, software developers and architects should not only know how to use the various security features of the Java environment (positive security), but should also be aware of the numerous vulnerabilities that are still relevant for Java development (negative security).
The introduction of security services is preceded with a brief overview of the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of these components is presented through several practical exercises, where participants can try out the discussed APIs for themselves.
The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform, covering both the typical bugs committed by Java programmers and the language- and environment-specific issues. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get sources and further readings on secure coding practices
Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks.
General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.
The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of all components is presented through practical exercises, where participants can try out the discussed APIs and tools for themselves.
Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices
Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web applications written in Java, and the consequences of the various risks.
General web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of Java with the most important aim to avoid the associated problems. In addition, a special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.
The course introduces security components of Standard Java Edition, which is preceded with the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. Security issues of Java Enterprise Edition are presented through various exercises explaining both declarative and programmatic security techniques in JEE.
Finally, the course explains the most frequent and severe programming flaws of the Java language and platform. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the Java development environment
Have a practical understanding of cryptography
Understand security concepts of Web services
Understand security solutions of Java EE
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in the Java framework
Get practical knowledge in using security testing tools
Get sources and further readings on secure coding practices
Audience
Developers
[category_overview] =>
[outline] =>
IT security and secure coding
Web application security
Client-side security
Client-side security
Foundations of Java security
Practical cryptography
Java security services
Security of Web services
XML security
JSON security
Java EE security
Common coding errors and vulnerabilities
Principles of security and secure coding
Knowledge sources
[language] => en
[duration] => 28
[status] => published
[changed] => 1700037228
[source_title] => Advanced Java, JEE and Web Application Security
[source_language] => en
[cert_code] =>
[weight] => 0
[excluded_sites] =>
[use_mt] => stdClass Object
(
[field_overview] =>
[field_course_outline] =>
[field_prerequisits] =>
[field_overview_in_category] =>
)
[cc] => cl-jwe
)
[cl-njs] => stdClass Object
(
[course_code] => cl-njs
[hr_nid] => 200321
[title] => Node.JS and Web Application Security
[requirements] =>
Basic Web application development
[overview] =>
As a developer, your duty is to write bulletproof code.
What if we told you that despite all of your efforts, the code you have been writing your entire career is full of weaknesses you never knew existed? What if, as you are reading this, hackers were trying to break into your code? How likely would they be to succeed? What if they could steal away your database and sell it on the black market?
This Web application security course will change the way you look at code. A hands-on training during which we will teach you all the attackers’ tricks and how to mitigate them, leaving you with no other feeling than the desire to know more.
It is your choice to be ahead of the pack, and be seen as a game changer in the fight against cybercrime.
Delegates attending will:
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn about Node.js security
Learn about MongoDB security
Have a practical understanding of cryptography
Understand essential security protocols
Understand security concepts of Web services
Learn about JSON security
Get practical knowledge in using security testing techniques and tools
Learn how to handle vulnerabilities in the used platforms, frameworks and libraries
Get sources and further readings on secure coding practices
[category_overview] =>
[outline] =>
IT security and secure coding
Web application security
Client-side security
Node.js security
Practical cryptography
Security protocols
Denial of service
Security of Web services
JSON security
Other typical programming mistakes
Security testing
Deployment environment
Knowledge sources
[language] => en
[duration] => 21
[status] => published
[changed] => 1700037257
[source_title] => Node.JS and Web Application Security
[source_language] => en
[cert_code] =>
[weight] => 0
[excluded_sites] =>
[use_mt] => stdClass Object
(
[field_overview] =>
[field_course_outline] =>
[field_prerequisits] =>
[field_overview_in_category] =>
)
[cc] => cl-njs
)
[cl-nsc] => stdClass Object
(
[course_code] => cl-nsc
[hr_nid] => 154857
[title] => .NET, C# and ASP.NET Security Development
[requirements] =>
[overview] =>
A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level programming techniques in order to implement the desired security functionality and avoid vulnerabilities or limit their exploitation.
The aim of this course is to teach developers through numerous hands-on exercises how to prevent untrusted code from performing privileged actions, protect resources through strong authentication and authorization, provide remote procedure calls, handle sessions, introduce different implementations for certain functionality, and many more.
Introduction of different vulnerabilities starts with presenting some typical programming problems committed when using .NET, while the discussion of vulnerabilities of the ASP.NET also deals with various environment settings and their effects. Finally, the topic of ASP.NET-specific vulnerabilities not only deals with some general web application security challenges, but also with special issues and attack methods like attacking the ViewState, or the string termination attacks.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn to use various security features of the .NET development environment
Get practical knowledge in using security testing tools
Learn about typical coding mistakes and how to avoid them
Get information about some recent vulnerabilities in .NET and ASP.NET
Get sources and further readings on secure coding practices
Audience
Developers
[category_overview] =>
[outline] =>
IT security and secure coding
Web application security
.NET security architecture and services
Common coding errors and vulnerabilities
Knowledge sources
[language] => en
[duration] => 14
[status] => published
[changed] => 1700037228
[source_title] => .NET, C# and ASP.NET Security Development
[source_language] => en
[cert_code] =>
[weight] => 0
[excluded_sites] =>
[use_mt] => stdClass Object
(
[field_overview] =>
[field_course_outline] =>
[field_prerequisits] =>
[field_overview_in_category] =>
)
[cc] => cl-nsc
)
[cl-nwa] => stdClass Object
(
[course_code] => cl-nwa
[hr_nid] => 154873
[title] => Advanced C#, ASP.NET and Web Application Security
[requirements] =>
[overview] =>
Beyond solid knowledge in using various security features of .NET and ASP.NET, even for experienced programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side along with the consequences of the various risks.
In this course the general web-based vulnerabilities are demonstrated through presenting the relevant attacks, while the recommended coding techniques and mitigation methods are explained in the context of ASP.NET. A special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5.
The course also deals with the security architecture and components of the .NET framework, including code- and role based access control, permission declaration and checking mechanisms and the transparency model. A brief introduction to the foundations of cryptography provides a common practical baseline for understanding the purpose and the operation of various algorithms, based on which the course presents the cryptographic features that can be used in .NET.
Introduction of different security bugs follows the well-established vulnerability categories, tackling input validation, security features, error handling, time- and state-related problems, the group of general code quality issues, and a special section on ASP.NET-specific vulnerabilities. These topics are concluded with an overview on testing tools that can be used to automatically reveal some of the learnt bugs.
Topics are presented through practical exercises where participants can try out the consequences of certain vulnerabilities, the mitigations, as well as the discussed APIs and tools for themselves.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
Learn client-side vulnerabilities and secure coding practices
Learn to use various security features of the .NET development environment
Have a practical understanding of cryptography
Get information about some recent vulnerabilities in .NET and ASP.NET
Get practical knowledge in using security testing tools
Learn about typical coding mistakes and how to avoid them
Get sources and further readings on secure coding practices
Audience
Developers
[category_overview] =>
[outline] =>
IT security and secure coding
Web application security
Client-side security
Client-side security
.NET security architecture and services
Practical cryptography
ASP.NET security architecture
Common coding errors and vulnerabilities
Principles of security and secure coding
Knowledge sources
[language] => en
[duration] => 21
[status] => published
[changed] => 1700037229
[source_title] => Advanced C#, ASP.NET and Web Application Security
[source_language] => en
[cert_code] =>
[weight] => 0
[excluded_sites] =>
[use_mt] => stdClass Object
(
[field_overview] =>
[field_course_outline] =>
[field_prerequisits] =>
[field_overview_in_category] =>
)
[cc] => cl-nwa
)
[cl-osc] => stdClass Object
(
[course_code] => cl-osc
[hr_nid] => 155025
[title] => The Secure Coding Landscape
[requirements] =>
[overview] =>
The course introduces some common security concepts, gives an overview about the nature of the vulnerabilities regardless of the used programming languages and platforms, and explains how to handle the risks that apply regarding software security in the various phases of the software development lifecycle. Without going deeply into technical details, it highlights some of the most interesting and most aching vulnerabilities in various software development technologies, and presents the challenges of security testing, along with some techniques and tools that one can apply to find any existing problems in their code.
Participants attending this course will
Understand basic concepts of security, IT security and secure coding
Understand Web vulnerabilities both on server and client side
Realize the severe consequences of unsecure buffer handling
Be informated about some recent vulnerabilities in development environments and frameworks
Learn about typical coding mistakes and how to avoid them
Understand security testing approaches and methodologies
Audience
Managers
[category_overview] =>
[outline] =>
Agenda
Introduction
IT security and secure coding
Security challenges of various platforms – highlights –
