Secure Programming of Web Applications for Developers and TPMs - Start
Web Application Security for Software Developers and Technical Project Managers
Understand Application Security: Numerous successful attacks on well-known web applications every week should be reason enough to study the background of web application security for custom-made or in-house developed applications.
Computer systems are ubiquitous and part of our working and private everyday lives. For companies, keeping their IT security in step with technical progress is becoming increasingly complex and difficult. Large enterprises establish security processes built according to industry standards (e.g., ISO 27001). These processes are very complex and can only be implemented by teams of security experts. Constant quality assurance, maintenance and adaptation are also part of an IT security process.
Whether a company develops products or runs an online shop, IT security is an essential quality attribute. Security incidents, especially those that become public in an uncontrolled way, not only damage the company's image but may also lead to legal or financial consequences.
In this course, you will see...
- Introduction to secure coding/programming
- Common vulnerabilities
- Security specifically of web applications
- Security baselines
- Secure programming patterns / defensive programming techniques
- Robust and secure coding practices
- Attack demos
- Relevant for: Web Development, Web applications, Cloud services, Web services
This is only an abridged excerpt from the course "Secure Programming of Web Applications for Developers and TPMs".
Chapters
Number | Title | Length
---|---|---
Start | |
1 | Introduction and Motivation (Full preview available) | 2 min
2 | Well-known Vulnerabilities Overview (Full preview available) | 2 min
3 | Causes & Background | 9 min
4 | Secure Programming in general | 3 min
5 | BankBoard Intro – A vulnerable Java Web Application | 3 min
6 | Code/Command Injection | 3 min
7 | (No)SQL Code Injection (Full preview available) | 4 min
8 | DEMO: BankBoard SQL Code Injection (Full preview available) | 2 min
9 | Cross-Site Request Forgery (CSRF) | 5 min
10 | DEMO: CSRF | 2 min
11 | Cross-Site Scripting (XSS) | 5 min
12 | DEMO: Simple XSS | 2 min
13 | Open Redirection | 4 min
14 | File Inclusion / Directory Traversal | 4 min
15 | Clickjacking | 4 min
16 | Session-Hijacking | 7 min
17 | DEMO: XSS with Session-Hijacking | 2 min
18 | Information Disclosure | 3 min
19 | Authentication | 7 min
20 | Denial of Service | 4 min
21 | Middleware | 1 min
22 | Third-Party Software | 1 min
23 | Conclusion & Summary | 3 min
A1 | [Appendix] Java Coding Example - Secure Password Hashing/PBKDF2 | 18 min
Course Assessment | |