Security is everyone’s job. Developers, service engineers, and program and product managers must understand security basics and know how to build security into software and services to make products more secure while addressing business needs and delivering user value.

In this two-day workshop, we will introduce you to why security is important, how common attacks are executed, and what we, as developers, can do to protect our systems from these attacks.

This workshop contains plenty of hands-on exercises that allow the participant to learn by doing.

After the course
The participant will understand why security is important, how common attacks are carried out, and how to protect your applications against these attacks. During this course, the participant will also understand how the web works and how to think like an attacker.

Target audience
This course targets developers on all platforms, including .NET, Java, JavaScript, and PHP.

Prerequisites
You should understand how the web works and have a basic web development experience, including HTTP, HTML, and JavaScript.

In this workshop, we will cover concepts like:

Social Engineering
Securing HTTPS
Unicode
Cross-Site Scripting (XSS)
Preventing XSS with Content Security Policy (CSP)
Cross-Site Request Forgery (CSRF)
Securing your cookies
Same site cookies
Cross-Origin Resource Sharing (CORS)
SQL Injections
Authentication
Application DoS attacks
Securing passwords
Preventing data leaks
Intercepting proxies
Supply-chain attacks
Subresource Integrity

And much more…

I have taught this topic/course for over 10 years, and this workshop is based on a 2-day corporate training class I have in the topic at https://tn-data.se/courses/web-security-fundamentals/

To ensure that all participants can take part in the execises, each participant will get access to a personal cloud based VM that they connect to using remote desktop.

The target audience is web developers on all levels who want to get into the fundamentals of web security.