We primarily offer web security trainings for two groups. First, developers who want to learn about web application security, Single Sign-On, TLS, XML and web services technologies. The topics we discuss include, for example, known and usually unknown attacks and their countermeasures. Furthermore, we go into detail on solutions for automatable tests. Second, penetration testers who want to gain in-depth knowledge of web security.

The trainings can be held in-house at your company or in our home town of Bochum (Germany). We offer each security training individually and also collectively as a five-day workshop. Please also contact us if you are interested in talks about topics like Clickjacking. You can contact us, for example, via mail@hackmanit.de.

Our security trainings:

For smaller companies and freelancers with German language skills, we recommend booking our trainings at Linuxhotel. For 5 participants or more, we recommend training courses that are held in-house or at Hackmanit in Bochum. In Bochum the trainings usually take place at the Mercure Hotel Bochum City.

In the training Secure Web Development, the participant is taught, using real-life examples, how an attacker finds and exploits security vulnerabilities in web applications. In addition to well-known attacks such as SQL Injection, Remote File Inclusion and Cross-Site Scripting, there are also new threats from HTML(5) and NoSQL (e.g. MongoDB). The goal of this intensive training is to enable you to conduct smaller audits and penetration tests on your own. In addition, you will be able to understand and evaluate common attacks and to sustainably secure your web application with regard to the learned topics.

Single Sign-On (SSO) procedures are among the most important Internet technologies and are used by many applications. They make the registration and login process as easy as possible for users and enable applications to be connected to social networks. OAuth and OpenID Connect are established as common standards today. However, serious attacks on SSO procedures have been discovered in recent years. These attacks exploit the complexity of the underlying standards, as well as implementation flaws, and allow attackers to authenticate themselves as arbitrary users or to access confidential user data. In this way, the data can be read, manipulated or deleted.

Single Sign-On (SSO) procedures are among the most important Internet technologies and are used by many applications. They make the registration and login process as easy as possible for users and enable applications to be connected to social networks. The use of SAML-based SSO procedures is widespread. However, in recent years SSO procedures have become the target of serious attacks due to implementation flaws and flaws in the underlying standards. These attacks exploit the complexity of the underlying standards and enable attackers to authenticate themselves as arbitrary users or to access confidential user data. In this way, the data can be read, manipulated or deleted.

TLS is what turns "http" into "https". When data is transmitted encrypted on the Internet, in most cases TLS (the successor of SSL) is used. Whether web, email, phone calls, chat or VPN - there is hardly a type of communication which cannot be encrypted with TLS.

Web services are used by many applications and are essential in many scenarios nowadays. For example, they make it possible to connect applications to social networks or to provide your own services to third parties. However, in recent years web services have become the target of serious attacks due to implementation flaws. These attacks take advantage of the complexity of the XML standards and allow attackers to read sensitive data from external servers or to decrypt confidential data.