Introduction to Secure Coding for Web Developers

In this one-day, intensive introduction to web application security, developers directly explore common code vulnerabilities and how to mitigate them. The class is full of “uh-oh” moments when developers dramatically see the consequences of failing to write secure code, followed by the “aha” satisfaction of correcting their code to make the vulnerabilities disappear.

SECURE CODING TRAINING OBJECTIVES

All students will learn how to:

  • Validate data to defend against injection and other attacks
  • Prevent Cross-Site Scripting (XSS) vulnerabilities
  • Gain a deep understanding of SQL injection attacks and how to defend against them

SECURE CODING TRAINING PREREQUISITES

Prior experience with HTML, CSS, JavaScript, and SQL is presumed.

SECURE CODING TRAINING MATERIALS

This coding class includes electronic courseware and code examples.

SOFTWARE NEEDED FOR EACH PC:

  • Google Chrome and any other modern web browsers with which you would like to test
  • JavaScript IDE of your choice
  • Node
  • Related lab files
  • For classes delivered online, all participants need either dual monitors or a separate device logged into the online session so that they can do their work on one screen and watch the instructor on the other. A separate computer connected to a projector or large-screen TV is another way for students to see the instructor’s screen while working on their own.

SECURE CODING TRAINING OUTLINE

  • Introduction
  • Data Validation
    • Understand the Business Logic for the Data You Accept
    • Limit the Amount of Data You Are Willing to Accept
    • Use a Whitelist to Sanitize Incoming Data
    • Properly Handle Exceptions
    • Reminder: The User Interface Can Always be Bypassed
    • Working With Encoded Data
    • Data Validation Checklist
  • Cross-Site Scripting (XSS)
    • Reflected Cross-Site Scripting
    • What an Attacker Can Accomplish
    • Persistent Cross-Site Scripting
    • Preventing Cross-Site Scripting Vulnerabilities
    • Testing for Cross-Site Scripting Vulnerabilities
    • Cross-Site Scripting Prevention Checklist
  • SQL Injection (SQLI)
    • Exploiting a SQL Injection Vulnerability
    • Blind SQL Injection Attacks
    • Union-Based SQL Injection Attacks
    • Second Order SQL Injection Vulnerabilities
    • Direct Database Attacks
    • Preventing SQL Injection Vulnerabilities
    • Making Attacks More Difficult
    • Identifying Existing Vulnerabilities in Your Code
  • Conclusion

  • Course No : SEC-100
  • Theory : 50%
  • Lab : 50%
  • Duration : 6 hours