The course will teach participants about typical vulnerabilities in modern web applications and tips and tricks for secure web programming. The most common security problems will be described in detail and demonstrated live. We will also take a look at the issues raised in the OWASP top 10 and participants will learn how to implement countermeasures. The course has been designed to be technology-independent and thus suitable for all web developers. 

The first part of the course focuses on server-side security. This part of the course mixes theory, demonstrations and practical exercises.

The second part focuses on the client (desktop or mobile browser). Participants will have an opportunity to attack and find vulnerabilities in an application in a protected environment. The course will present common tools and teach participants how to use them.

The course is designed to be interactive and includes novel attack techniques and appropriate countermeasures.

Goals

Participants will be made familiar with current vulnerabilities in modern web applications and be able to explain the issues involved. They will also know what protective measures are available and how they are implemented. They will know what tools are needed to analyse and secure web applications and will be able to put themselves in the shoes of a hacker.

Target group

The course is aimed at software developers and architects who are involved with web technologies.