Writing web applications can be rather complex – reasons range from dealing with legacy technologies or under-documented third-party components to sharp deadlines and code maintainability. Yet, beyond all that, what if we told you that attackers were trying to break into your code right now? How likely would they be to succeed?
This course will change the way you look at your code. We'll teach you the common weaknesses that can allow hackers to attack your system, their consequences, and – more importantly – the best practices you can apply to protect yourself. We cover typical web vulnerabilities with a focus on how they affect web apps on the entire stack – from the base environment to modern AJAX and HTML5-based frontends. In addition, we discuss the security aspects of different platforms as well as typical programming mistakes you need to be aware of. We present the entire course through live practical exercises to keep it engaging and fun. Writing secure code will give you a distinct edge over your competitors. It is your choice to be ahead of the pack – take a step and be a game-changer in the fight against cybercrime.
Training level: Basic
IT security and secure coding
Web application security (OWASP Top Ten 2021 summary)
A3 - Injection
Definition and generalization
Programmers, software developers, team leaders, managers
During the training, you will be solving hands-on exercises with the help of the trainer on a cloud virtual machine.
These are the requirements to be able to use the VM smoothly.
Recommended hardware specification
General software engineer capabilities
Participants will receive a welcome page prior to the training including the course material in a pdf file and access to the cloud VMs during the training.
I was studying economics in Vienna when I saw a series about a hacker. He was a grey hat hacker: well-motivated but doing totally illegal things. For IT security, his character inspired me. Then I started reading about this subject, took an online course, studied programming, and as a result, I enrolled in university. It has an IT security lab, and what I saw there impressed me. After the lab demonstration, my path became clear to me. In my undergraduate thesis, I developed an intentionally vulnerable system, attacked it, and then demonstrated the whole process from log files. Clearly, to me, outsourcing does not present the best solution – rather, we should aim to have a code base within the team which we make difficult or impossible to access. The industry is changing too fast to predict anything; in three or four years your knowledge can become worthless, but the insight people get from our training can form a permanent part of their future work.
Programming requires a different mindset than most other professions, and IT security work requires a different outlook. At Scademy, I can train people with much more programming experience than I have. However, they don’t know nearly as much about security as I do, as most of them probably didn’t come across it in their training. I started as a curriculum developer at Scademy and then I started teaching, which I like because it gives me very specific knowledge. It also depends on the trainer how dynamically each group works, and their openness. I also feel that some groups work more actively by nature: their members talk to each other, and the process needs moderation. Some people ask a lot of questions, and some learn more passively by nature. But the bottom line remains the same everywhere: what they will do differently in their work from the next day. It is also of big importance whether they will spread the word among their colleagues on how much trouble their carelessness can lead to.