We offer web security training courses primarily for two target audiences: first, developers who want to learn about web application security, Single Sign-On, TLS, XML, and web service technologies; second, penetration testers who want to gain in-depth knowledge of web security. The topics we discuss include both known attacks and attacks that are usually unknown, along with their countermeasures. Furthermore, we go into detail regarding solutions to automate security tests.

Are you unsure whether training is the right measure for you? Would you be interested in an online training course on a specific topic? We would be pleased to discuss individual options for expanding your own and your employees' knowledge in a non-binding meeting.

Your Contact for Training Courses

Dr. Christian Mainka
christian.mainka@hackmanit.de
+49 (0)234 / 54460624

Web services are used by many applications and are essential for the infrastructure of the modern Internet. Among other things, they enable applications to connect to social networks and provide their own services to third parties. However, in recent years web services have become the target of serious attacks due to implementation flaws. These attacks take advantage of the complexity of the XML standards and allow attackers to read sensitive data from external servers or to decrypt confidential data.

Single Sign-On (SSO) procedures are one of the most important Internet technologies and are used by many applications. They make the registration and login process as easy as possible for users and enable applications to be connected to social networks. The use of SAML-based SSO procedures is widespread. However, in recent years SSO procedures have become the target of serious attacks due to implementation flaws and flaws in the underlying standards. These attacks exploit the complexity of the underlying standards and enable attackers to authenticate themselves as arbitrary users or to access confidential user data. In this way, the data can be read, manipulated or deleted.

Single Sign-On (SSO) protocols are one of the most important Internet technologies and are used by countless applications. They make the registration and login process as simple as possible for users and enable applications to be connected to social networks. Although OAuth and OpenID Connect are established as today's common standards, serious attacks on SSO protocols have been discovered in recent years. These attacks exploit the complexity of the underlying standards as well as implementation flaws, and allow attackers to authenticate themselves as arbitrary users or to access confidential user data. By doing so, attackers can potentially read, manipulate, or delete data of arbitrary users across these applications.

Are you working with the technologies mentioned above and need an introduction to these complex topics? In our introductory online training courses, we give you an insight into the relevant topic and thus help you decide whether you need to study the topic in detail. In addition to the following introductory online training courses, we are also happy to offer you an individual introduction to other topics:

  • Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)
  • Clickjacking and UI-Redressing
  • Single Sign-On: OAuth and OpenID Connect
  • Single Sign-On: Security Assertion Markup Language (SAML)
  • JSON security
  • XML security
  • SSL/TLS and certificates
  • Introduction to security issues of the PDF document format
  • Introduction to cryptography for software developers