We offer web security training courses primarily for two target audiences: first, developers who want to learn about web application security, Single Sign-On, TLS, XML, and web service technologies; second, penetration testers who want to gain in-depth knowledge of web security. We cover both well-known attacks and attacks that are usually unknown, along with their countermeasures. Furthermore, we go into detail regarding solutions to automate security tests.
Secure Web Development, Single Sign-On, TLS, and Web Service Security
The training can be held in-house at your company, in our hometown of Bochum (Germany), or as an online training. We offer security training on a per-day basis or collectively as a five-day workshop. Additionally, we would love to hear from you if you are interested in topics such as Clickjacking. You can contact us via phone or email at firstname.lastname@example.org.
Our security (online) training courses:
- Secure Web Development (3 days)
- Single Sign-On Security: OAuth & OpenID Connect (2 days)
- Single Sign-On Security: SAML (2 days)
- TLS Security (2 days)
- Web Service Security (2 days)
For five participants or more, we recommend training courses that are held in-house at your company, or at Hackmanit in Bochum. In Bochum, the training courses usually take place at the Mercure Hotel Bochum City.
Additional online training opportunities:
- Introduction Online Training (4 hours)
- Refreshment and Update Courses (4-8 hours)
Secure Web Development (3 days)
In the Secure Web Development training, we use real-life examples to teach participants how an attacker finds and exploits security vulnerabilities in web applications. In addition to well-known attacks such as SQL injection, remote file inclusion, and cross-site scripting, there are also new threats from HTML(5) and NoSQL (e.g., MongoDB). The goal of this intensive training is to enable you to conduct smaller audits and penetration tests on your own. In addition, you will be able to understand and evaluate common attacks and to continually secure your web application with regard to these topics.
Single Sign-On Security: SAML (2 days)
Single Sign-On (SSO) procedures are one of the most important Internet technologies and are used by many applications. They make the registration and login process as easy as possible for users and enable applications to be connected to social networks. The use of SAML-based SSO procedures is widespread. However, in recent years SSO procedures have become the target of serious attacks due to implementation flaws and flaws in the underlying standards. These attacks exploit the complexity of the underlying standards and enable attackers to authenticate themselves as arbitrary users or to access confidential user data. In this way, the data can be read, manipulated or deleted.
Single Sign-On Security: OAuth & OpenID Connect (2 days)
Single Sign-On (SSO) protocols are one of the most important Internet technologies and are used by countless applications. They make the registration and login process as simple as possible for users, and enable applications to be connected to social networks. Although OAuth and OpenID Connect are established as today's common standards, serious attacks on SSO protocols have been discovered in recent years. These attacks exploit the complexity of the underlying standards and implementation flaws, and allow attackers to authenticate themselves as arbitrary users or to access confidential user data. By doing so, attackers can potentially read, manipulate, or delete data of arbitrary users across these applications.
TLS Security (2 days)
TLS is what turns "http" into "https". If data is encrypted and transmitted across the Internet, in most cases TLS (the successor of SSL) is used. Whether web, email, phone calls, chat, or VPN -- there is hardly a type of communication which cannot be encrypted using TLS.
Web Service Security (2 days)
Web services are used by many applications and are essential for the infrastructure of the modern Internet. Among other things, they enable applications to connect to social networks and provide their own services for third parties. However, in recent years web services have become the target of serious attacks due to implementation flaws. These attacks take advantage of the complexity of the XML standards and allow attackers to read sensitive data from external servers, or to decrypt confidential data.
Introduction Online Training (4 hours)
Are you working with the technologies mentioned above and need an introduction to these complex topics? In our introductory online training courses, we give you an insight into the relevant topic and thus help you decide whether you need to study the topic in detail. In addition to the following introductory online training courses, we are also happy to offer you an individual introduction to other topics:
- Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)
- Clickjacking and UI-Redressing
- Single Sign-On: OAuth and OpenID Connect
- Single Sign-On: Security Assertion Markup Language (SAML)
- JSON security
- XML security
- SSL/TLS and certificates
- Introduction to security issues of the PDF document format
- Introduction to cryptography for software developers
Refreshment and Update Courses (4-8 hours)
Do you have knowledge in one of the above-mentioned areas?
Maybe you have even attended one of our trainings?
We offer you the opportunity to refresh your knowledge in an online training.
IT security is constantly evolving. Likewise, the contents of our trainings are continuously updated and expanded. With the help of an online training you can extend your knowledge with new content. This will help you to stay up to date with the latest developments. We will structure the online training individually according to your needs.
Are you unsure whether a training is the right measure for you? Would you be interested in an online training on a specific topic? We would be pleased to discuss individual options for expanding your own and your employees' knowledge in a non-binding meeting.