Web Application Security (WAS) (inglise keeles)
Training duration: 4 days (32 academic hours) of instructions heavily mixed with hands-on labs. Duration may depend on audience
Group size: 12 participants maximum
Target audience: WebApp developers, maintainers, web server or hosting providers/administrators, information security specialists and managers, testers
Web Application Security training consists of two modules:
- Client-Side Attacks
- Server-Side Attacks
The training is held by our partner Clarified Security.
Training methods
Trainers will engage participants with lectures, live attack demonstrations and practical examples followed by individual hands-on exercise scenarios. Training is interactive, practical, and besides active participation also full of attack stories that help to change the perspective and understanding of real life security threats.
Ideology of this training
This training focuses on attacks so that the need for defence is better understood. OWASP project should be the bible of everyone dealing with WebApp development and security and OWASP ASVS (Application Security Verification Standard) is one of the golden standards of WebApp security testing. This training will cover all WebApp attack types and instills this knowledge with lot of hands-on exercises. With first-hand experience in those attacks, participants are better armed with understanding the attacks and why they are conducted.
Contents of this training
Web Application security essentials (4 parts, 8 lectures with practical demos and exercises for each vulnerability, including complex attack scenarios):
Client-Side attacks
|
Server-Side attacks
|
*All attacks have hands-on demos, exercises and “lessons learned” from our pentesting services.
Intended outcome
Participants will have their assumptions challenged, get a healthy dose of paranoia and will start to fear user input. In other words: learn the security basics of producing better software.
Participants will receive a certificate of completion for 32-hour hands-on course to clarify web application attacks, vulnerabilities and defence.
Täienduskoolituse õppekavarühm: Informatsiooni- ja kommunikatsioonitehnoloogia interdistsiplinaarne õppekavarühm
Koolitaja
-
Elar LangPentester (WebApps), trainer, researcher
Elar is an experienced PHP developer who enjoys researching web attacks and security. In Estonian IT College he wrote his diploma on “PHP Application Layer Attacks – mechanisms and protection” and in Tallinn University of Technology his master thesis on “Web Application Security – hands-on training”. Both schools were graduated with honors (cum laude), of course. He is constantly improving and working on his trainings to keep them up to date and for giving the best trainings possible. In March 2017 he rounded up 2000 hours of WAS training given since 2012 March launch and the count is growing fast.
-
Marko BelzetskiPentester (WebApps) and trainer
Marko joined the team in August 2016 as a Web Application Pentester. Although his previous work experience has mainly been in finance and business support, he has also done freelance web application development. Marko holds a bachelor in business administration from Northwood University and is currently obtaining a degree in IT Systems Development from Estonian Information Technology College.