Awareness Training Web-Security
The training raises awareness of the security risks of web applications and teaches practical countermeasures through theoretical and practical exercises.
At a glance
General information
- 1-day training with compact agenda (on-site or remote)
- Large practical part: “hack a web application yourself”
Target group
All those involved in web development projects: Developers, architects, product owners, testers, scrum masters, project managers
Application examples
Creating awareness of security risks in web applications
Description
This training addresses the typical requirements of web applications, creates awareness of the most common security risks and provides practical knowledge on countermeasures in theory and practice.
The security of IT systems is increasingly becoming the focus of companies because their networking, architecture and implementation expose them to potential threats. Nowadays, a large number of applications are accessible on the internet in the form of a web application or as an API and even a single vulnerability can be enough for attackers to penetrate the system and cause damage.
To make this risk manageable, security requirements must be taken into account in the software development process right from the start. To do this, software developers must be aware of the attack vectors in order to recognize and avoid typical vulnerabilities.
On the training day, participants are sensitized to the risks of inadequate security in web applications. To this end, the most common problem areas are presented using the OWASP Top 10.
In order to make the theoretical knowledge tangible, the participants are given the opportunity to hack a prepared, intentionally vulnerable web application themselves.
Only if you know what an attacker can do can you consider and implement appropriate countermeasures when developing a software project.
The application to be hacked is selected and prepared according to the participants’ level of knowledge. This means that non-technical project staff can also take part.
We offer both public training courses on fixed dates and individual training courses with customizable focal points.
Agenda
- Introduction to security: Motivation and security goals
- The most common security risks in web applications
- Practical part: Hacking the web app yourself
Typical questions we answer:
- What security risks need to be considered when developing web applications?
- How does the attack surface of a single-page application (SPA) differ from a server-side rendered application?
- What are the best practices for implementing authentication, authorization or cryptographic procedures?
- What relevance do SQL injection, cross-site scripting (XSS) and credential stuffing have today and what countermeasures are recommended?
- How does an attacker proceed, what tools does he use, and what can be learned from this for development?
- signed certificate of completion
- in-house training
- Customization available (agenda, tech stack, language, etc.)
- small training groups
Why inovex Academy?
Our offer
The inovex Academy has set itself the task of passing on knowledge about methods and technologies that we already use successfully in our projects.
Curated content
Our trainers create a customized training offer based on your requirements.
Customizable tech stack
In exclusive trainings, we can consider your tech stack for the training content.
Individual assistance
If needed, we can tailor the training to a specific use case of your company and work directly based on your data.
Trainers
Our trainers are field-tested experts in their areas of expertise. Through their work in projects, they expand their knowledge day by day and pass on this know-how in their trainings - application-oriented and practice-oriented.
Clemens Hübner
Dr Michael Gerhäuser
Dr. Michael Gerhäuser has been working professionally as a software developer since 2014 and joined the inovex team in 2022. He specialises in the design and implementation of web applications, both frontend and backend with operations and monitoring. He is also interested in topics such as software performance and web application security. In his private life, Michael is involved in the local software craftsmanship community by organising a Rust Meetup and as a member of the organisation team of a local barcamp.
Our training approach
From the needs analysis to the awarding of certificates, we offer customized training courses, flexibly designed and carried out according to your requirements.
If you are interested in in-house training, we will start by identifying your needs and discussing your objectives. This discussion forms the basis for an initial offer.
As soon as the framework data has been clarified, our trainers start adapting the training content. Many of our training courses have a modular structure and offer the opportunity to design the agenda flexibly. Training courses that prepare for certifications, on the other hand, are less flexible. Here, however, you can set the content focus according to your wishes.
You will receive all relevant information in advance of the training. The training will then take place in the room of your choice and at the agreed time. Our trainers will adapt to your requirements.
After completing the training, all participants receive a certificate confirming their participation. You will also have the opportunity to give us feedback on the content and the course. We are always happy to receive praise and suggestions for improvement.