ESI CEE www(dot)esicenter(dot)bg
News  » 17 Sep 2016, CyResLab of ESI CEE

WEB SECURITY DAYS, October 2016

SQL Injection, XSS, CSRF, HTML injection, Authentication?
Practical examples, Labs, Hands-on approach!

This October, as part of the activities dedicated to the European Cyber Security Month (ECSM), the CyResLab (Cyber Resilience Lab) of ESI CEE is launching a special set of cyber security courses targeted at SMEs' software developers, designers, application and system engineers. The courses form the technical layer of ESI CEE's general lines of work in Security by Design, Cyber Resilience, Privacy by Default and Secure Coding. As part of the European Cyber Security Month, CyResLab's web security days return with a whole new, improved agenda.

Top 10 Web Threats

When: 17 October 2016
Where: Sofia Tech Park

Various sources report that between 20% and 60% of websites each have at least one serious vulnerability. Our own research at ESI CEE confirms that the danger is significant. A serious issue is the diversity of threats on Web platforms: different types of attacks can shut down entire services, steal valuable data, impersonate legitimate sites, intercept data on-the-fly, forge user actions, etc. Because the number of attacks on Web applications is constantly increasing, a Web developer now has to be aware of the threats in order to counteract them effectively and produce secure, correctly working systems. This 1-day course is designed to introduce developers to the inner workings of the top web threats, how they are exploited, and how to write code that is secure against these threats.
The course includes live demos of attacks, exercises in detecting and leveraging threats, examples of weak and vulnerable code and the process of repairing it and fixing vulnerabilities, mitigation tactics, developer-specific best practices and discussions on how not to write vulnerable code in the process of daily work. The course is mostly technical and not organizational.

Objectives
Successful completion of this course enables participants to:
- Be aware of the top threats in Web development;
- Know the tactics used to mitigate these threats;
- Avoid systematically allowing security vulnerabilities to 'slip in' while developing a product/website.

Advanced Web Threats

To continue where we left off at ‘Top 10 Web Threats’ - check out the new and improved two-day advanced web threats course.

When: 20-21 October (two days)
Where: Cybersecurity Lab @ Sofia Tech Park

The course intends to pick up where “Top 10” left off, namely to deepen the understanding of the top vulnerabilities and to broaden the scope of vulnerabilities that are discussed.
The course includes live demos of attacks, exercises in detecting and leveraging threats, examples of weak and vulnerable code and the process of repairing it and fixing vulnerabilities, mitigation tactics, developer-specific best practices and discussions on how not to write vulnerable code in the process of daily work. The course is mostly technical and not organizational.
The advanced course will additionally include exercises in which participants in turn attempt to fix and attack particular implementations. A heavier focus will be placed on labs.

The goal of this course is to prepare developers for dealing with real-world sophisticated attacks, so they can properly design and code in order to deliver a resilient and secure product.

Course agenda:
- Introduction
- Advanced SQL & NoSQL Injection
- Advanced XSS & HTML-only Injection
- Server-side request forgery
- XML Injection
- Advanced CSRF Examples & Labs
- OpenID & OAuth
- Integer security
- Basics of Secure Coding

Prerequisites: Suggested background is the ESI CEE “Top 10 Web Threats” course or equivalent knowledge.
The course requires a deep understanding of web technologies and strong programming skills.

Ideal for: Web front-end and back-end developers, software engineers and architects who have a good grasp of development processes but have had no specific training in security. Also appropriate for mobile developers working on hybrid and/or pure-Web platforms.

Instructor/s: Professionals from ESI CEE Cyber Resilience Lab, partner of Software Engineering Institute, Carnegie Mellon University.

Certificate: Upon successful completion of the course attendees will receive a certificate from ESI CEE.

Confirm your interest to book your place or contact us for any questions concerning registration and further details at tina (at) esicenter (dot) bg or +359 884 651 611; +359 2 4899740 - Christina Todorova

