Who should attend?
Web Application Developers, Web Site Admins, IT Security Centre Personnel, Auditors, Cyber Security Experts.
Basic knowledge of web technologies.
- Information gathering
- Configuration management flaws
- Input / output manipulation
- Cross Site Scripting (XSS)
- Injection flaws: SQL Injection, OS command injection etc.
- User authentication flaws
- Authorization flaws
- Session management flaws
- Session fixation
- Session hijacking
- Cross Site Request Forgery (CSRF)
- Application logic
- Log management
- Failure management
- Secure application management
Attendees will learn the important security components of HTTP-based applications, the most common mistakes, how to avoid making these mistakes, and how to ensure sustainable application security.