We primarily offer Web security trainings for two groups. First, developers who want to learn about Web application security, XML, Web services, and Single Sign-On technologies. The topics we discuss include, for example, known and usually unknown attacks and their countermeasures. Furthermore, we go into detail on solutions for automatable tests. Second, penetration testers who want to gain in-depth knowledge of Web security.

The trainings can be held in-house at your company or in our home town of Bochum (Germany). We offer each security training individually and also collectively as a five-day workshop. Please also contact us if you are interested in talks about topics like Clickjacking. You can contact us, for example, via mail@hackmanit.de.

Our security trainings:

  • Secure Web Development (3 days)
  • Web Service and Single Sign-On Security (2 days)
  • TLS Security (2 days)

For smaller companies and freelancers with German language skills, we recommend booking our trainings at Linuxhotel. For 5 participants or more, we recommend training courses that are held in-house or at Hackmanit in Bochum. In Bochum, the trainings usually take place at the Mercure Hotel Bochum City.

In the training Secure Web Development, participants learn from real-life examples how an attacker finds and exploits security vulnerabilities in web applications. In addition to well-known attacks such as SQL injection, Remote File Inclusion and Cross-Site Scripting, there are also new threats from HTML(5) and NoSQL (e.g. MongoDB). The goal of this intensive training is to enable you to conduct smaller audits and penetration tests on your own. In addition, you will be able to understand and evaluate common attacks and to sustainably secure your web application with regard to the topics covered.

Web services and single sign-on are among the most important Internet technologies and enable you to provide your own services to third parties and connect them to social networks. In recent years, these technologies have become the target of serious attacks due to implementation flaws. The attacks take advantage of the complexity of the XML and single sign-on standards and allow an attacker to read sensitive data from protected servers, authenticate as an arbitrary user or decrypt confidential data.

Do you use OAuth or OpenID Connect? Contact us for a single sign-on training on these specific topics.

TLS is what turns "http" into "https". When data is transmitted in encrypted form on the Internet, in most cases TLS (the successor of SSL) is used. Whether web, email, phone calls, chat or VPN, there is hardly a type of communication that cannot be encrypted with TLS.