Course
Web Application Security – Foundation («SWO»)
Course facts
- Understanding that you are bound to secrecy, confidentiality and non-disclosure to the employer and clients
- Putting yourself in the shoes of the customer (internal or external) to understand their needs
- Ensuring cyber resilience when communicating with the client
- Dealing with different possible threat scenarios
- Using OWASP (especially the OWASP Top 10) as a tool to perform offensive attack techniques to find vulnerabilities in (web) applications
- Installing, configuring and operating tools for finding and analyzing vulnerabilities and performing web application penetration tests
- Applying your expertise to assist internal and external auditors in conducting security audits
- Gaining a basic understanding of the principles of secure software development
Studies show that more than 90% of all web applications have serious security flaws, although effective countermeasures exist for most types of attacks. Vulnerabilities are mostly found in architecture and design, in application logic, in program code, in 3rd party libraries or in deployment and configuration.
Based on the OWASP Top 10, you will learn about the current attack methods on (web) applications and how effective protective measures should be taken
- A01:2021-Broken Access Control
- A02:2021-Cryptographic Failures
- A03:2021-Injection
- A04:2021-Insecure Design
- A05:2021-Security Misconfiguration
- A06:2021-Vulnerable and Outdated Components
- A07:2021-Identification and Authentication Failures
- A08:2021-Software and Data Integrity Failures
- A09:2021-Security Logging and Monitoring Failures
- A10:2021-Server-Side Request Forgery
Component of the following courses
This course is aimed at software developers and testers, webmasters, developers as well as publishers, system engineers and administrators, CISOs and IT security managers.
Basic knowledge of web application development, knowledge of web servers, knowledge of basic web technologies such as HTML and Javascript are required.