SanEd consulting

Company profile

SanEd consulting is an IT training company that began offering its services in 2005, primarily as an authorised training provider for Sun Microsystems. Our training portfolio was focused on Solaris and Java. Later we expanded our portfolio to include authorisations from Veritas / Symantec and from Oracle after the acquisition of Sun.

As the global IT market is rapidly changing and developing, we have had to adapt to its needs and trends. Thus, at the beginning of 2014 we decided to "refurbish" our services: we brought in new, young and promising partners and together prepared a number of interesting trainings, which you can find in our catalogue.

We are looking forward to successful cooperation with you.


Security from developers' view / Creating secure code

Start Date: Not Specified
Finish date: Not Specified
Code: CIT001
Price: 0.00 EUR (VAT excl.)

Description

Web applications are a dominant target of hacker attacks. Successful attacks result in unwanted consequences, such as loss of sensitive information, financial damage or harm to the company's reputation. This training clarifies the principles of these attacks, their nature and the correct precautions. The practical part lets developers practise a number of roles: attacker, defender, and even an analyst examining the incident.

 

Duration:  2-4 MD (according to customization)

 

Training structure:


Demonstration hack (ideally a hack of a currently running project)
 o Why is it possible?
 o Hotfix
 o Hack after hotfix

Intro into security
 o Security principles
 o Security weaknesses 
 o „Reinventing the wheel“
      ■    Cryptography + best practices
      ■    Authentication + best practices

Hacker's view
 o Gaining information 
 o Tools
      ■    Automated
      ■    Manual

Application failures - OWASP Top 10
 o A1-Injection
      ■    SQL injection
      ■    XSS - Cross Site Scripting
      ■    Other injection attacks (XML, ORM, LDAP, path traversal)
 o A2-Broken Authentication and Session Management
 o A3-Cross-Site Scripting (XSS)
      ■    Will be described in the block with A1
 o A4-Insecure Direct Object References
 o A5-Security Misconfiguration
 o A6-Sensitive Data Exposure
 o A7-Missing Function Level Access Control
 o A8-Cross-Site Request Forgery (CSRF)
 o A9-Using Components with Known Vulnerabilities
 o A10-Unvalidated Redirects and Forwards

 

Price:  on demand

 

Date:  on demand

