About the course

Cyber ​​threats are increasing and evolving on a daily basis and becoming a constant in human life, making correct information on how to protect yourself from said threats very important. The course of secure software development is intended for all information system developers. As a part of the course, we will learn about examples of good security development practice, learn more about secure coding techniques and the most common security risks for web applications. Furthermore, we will discuss OWASP TOP 10, learn how to identify and eliminate common vulnerabilities in web applications and use this knowledge on a specific practical example. A general understanding of threats, their consequences, and possible solutions will provide you with essential knowledge to mitigate the impact of these threats.

Goals

The participants will learn:

• the 10 most common threats detected by OWASP,
• the impact of these threats,
• how attackers can take advantage of these threats,
• how to mitigate these threats - the threats will be explained conceptually, as the implementation of the threat may vary depending on the situation.

• Deploying applications in an environment configuration

• System setup errors
• Application configuration errors

• Detailed review and testing of typical application errors

• SQL Injection - Manipulation of parameters
• Path traversal
• Data loss
• Base enumeration
• Cross Site Scripting (XSS)
• XXE

• Code analysis and troubleshooting in the web application

• Connection to microservices - The most common configuration errors

• Trust between microservices

• Authentication and user management

• Passwords
• Cookies
• Session management
• User rights

• Cryptography

• Daily files

• Error management

• Security by design

The course is intended for developers who have already mastered the basics of development and the basic development patterns.

Gregor Spagnolo