Time & Place
20 Oct 2016 09:00
21 Oct 2016 18:00
Bulgaria, 1784 Sofia, Blvd. "Tsarigradsko shose" 111B, Sofia Tech Park Bulgaria
The course includes live demos of attacks; exercises in detecting and leveraging threats; examples of weak and vulnerable code, together with the process of repairing it and fixing vulnerabilities; mitigation tactics; developer-specific best practices; and discussions on how to avoid writing vulnerable code in daily work. The course is mostly technical and not organizational.
The advanced course will additionally include exercises in which participants take turns attempting to fix and attack particular implementations. A heavier focus will be placed on labs.
The goal of this course is to prepare developers for dealing with real-world sophisticated attacks, so they can properly design and code in order to deliver a resilient and secure product.
- Advanced SQL & NoSQL Injection
- Advanced XSS & HTML-only Injection
- Server-side request forgery
- XML Injection
- Advanced CSRF Examples & Labs
- OpenID & OAuth
- Integer security
- Basics of Secure Coding
Prerequisites: Suggested background is the ESI CEE “Top 10 Web Threats” course or equivalent knowledge.
The course requires a deep understanding of web technologies and strong programming skills.