We offer web security trainings primarily for two target audiences: first, developers who want to learn about web application security, Single Sign-On, TLS, XML, and web service technologies; second, penetration testers who want to gain in-depth knowledge of web security. The topics we discuss include both known and usually unknown attacks, along with their countermeasures. Furthermore, we go into detail regarding solutions to automate security tests.

The trainings can be held either in-house at your company or in our hometown of Bochum (Germany). We offer security training on a per-day basis or collectively as a five-day workshop. Additionally, we would love to hear from you if you are interested in topics such as Clickjacking. You can contact us via phone or email at mail@hackmanit.de.

Our security trainings:

For smaller companies and freelancers with German language skills, we recommend booking our trainings at Linuxhotel. For five participants or more, we recommend training courses that are held in-house at your company, or at Hackmanit in Bochum. In Bochum, the trainings usually take place at the Mercure Hotel Bochum City.

In the training for Secure Web Development, we use real-life examples to teach participants how an attacker finds and exploits security vulnerabilities in web applications. In addition to well-known attacks such as SQL injection, remote file inclusion, and cross-site scripting, there are also new threats from HTML(5) and NoSQL (e.g., MongoDB). The goal of this intensive training is to enable you to conduct smaller audits and penetration tests on your own. In addition, you will be able to understand and evaluate common attacks and to continually secure your web application with regard to these topics.

Single Sign-On (SSO) protocols are one of the most important Internet technologies and are used by countless applications. They make the registration and login process as simple as possible for users, and enable applications to be connected to social networks. Although OAuth and OpenID Connect are established as today's common standards, serious attacks on SSO protocols have been discovered in recent years. These attacks exploit the complexity of the underlying standards and implementation flaws, and allow attackers to authenticate themselves as arbitrary users or to access confidential user data. By doing so, attackers can potentially read, manipulate, or delete data of arbitrary users across these applications.

Single Sign-On (SSO) procedures are one of the most important Internet technologies and are used by many applications. They make the registration and login process as easy as possible for users and enable applications to be connected to social networks. The use of SAML-based SSO procedures is widespread. However, in recent years SSO procedures have become the target of serious attacks due to implementation flaws and flaws in the underlying standards. These attacks exploit the complexity of the underlying standards and enable attackers to authenticate themselves as arbitrary users or to access confidential user data. In this way, the data can be read, manipulated, or deleted.

TLS is what turns "http" into "https". If data is encrypted and transmitted across the Internet, in most cases TLS (the successor of SSL) is used. Whether web, email, phone calls, chat, or VPN -- there is hardly a type of communication which cannot be encrypted using TLS.

Web services are used by many applications and are essential for the infrastructure of the modern Internet. Among other things, they enable applications to connect to social networks and provide their own services to third parties. However, in recent years web services have become the target of serious attacks due to implementation flaws. These attacks take advantage of the complexity of the XML standards and allow attackers to read sensitive data from external servers, or to decrypt confidential data.