Web Application Security Primer for Front-end Developers

Course Description

This course is aimed at front-end web developers, to help them understand the kinds of threats their web applications will be exposed to. It gives an overview of security best practices along with practical demonstrations of actual threats and how to mitigate them. The course takes the view that security is holistic and that everyone involved should be aware of the threats. It covers backend, front-end, database and server vulnerabilities and demonstrates real threats and their solutions. The backend and database topics are demonstrated rather than worked through at the code level.

Duration: 3 Days
Pricing: Contact us for pricing

Prerequisites

This course assumes familiarity with developing web applications. It is specifically aimed at front-end developers who may not be involved in configuring and deploying the applications but need to be aware of the threats that web applications face.

Introduction

Web Application Security
Types of attacks
Introducing a poorly written web application

Attack Vectors

OWASP Top Ten
Common Weakness Enumeration
Common Vulnerabilities and Exposures

Cross-Site Scripting

OWASP No. 3
What is XSS?
Demonstrate XSS attacks
Resolving XSS attacks

Cross-Site Request Forgery

OWASP No. 10
What is XSRF?
Demonstrate an XSRF vulnerability
Resolving XSRF attacks

Injection Attacks

OWASP No. 3
SQL Injection
NoSQL Injection
Parameterised queries
Entity framework considerations
Some sample attacks along with solutions

File Uploads

OWASP No. 4 & No. 5
File Upload Vulnerabilities
Path traversal attacks

XML External Entity Attack

OWASP No. 5
What is an XXE attack?
An example attack
C# ASP.NET solution

Authentication And Authorization

OWASP No. 7 & No. 2
Password Strength
Encrypting passwords
Minimising access using authorization
Database credentials and read only access unless necessary
3rd party authorization

Server Side Request Forgery

OWASP No. 10
What is SSRF?
Demonstrate an SSRF attack
Resolving SSRF Vulnerabilities

Meet The Hackers

Viewing web server logs
The threat landscape
Types of attack
Tools used by hackers
Set up a public server on a well-known IP address and monitor the logs
Understanding the role of network security
Security by design
Security concepts and terminology
The role of AI in Web Application Security

General Principles

Don't share unnecessary information
Use proper exception handling and custom error pages
Patch servers and other libraries
Externalise sensitive information like passwords
Use encryption
Use SSL
Sanitise all information coming from users
Monitor logs
Review code
The Human Factor

Threat Monitoring

The importance of logging
Application logs
Network logs
Monitoring logs

Security Best Practices

Code development practices
Security testing strategies
Code reviews
Runtime protection for application development

Conclusions

Review of threat landscape
Importance of monitoring logs
Security checking tools and penetration testing

Tags: Security, ASP.NET, C#, Web, Cyber Security, Front-end developers