...
The course will begin after lunch on Tuesday 1 March, and end around 13:00 on Thursday 3 March.
Please note this is a preliminary agenda and subject to change. If you have any comments or suggestions about the content of this agenda please contact the GEANT Training Activity.
1 March (13:00 - 17:00)
SESSION 1 - Introduction
- Introduction to the training
- How we support building secure MDS tools
- Threat modelling and risk assessment
- Data sanitization – meaning and techniques
- Secure file uploads mechanisms
2 March (9:00 - 17:00)
SESSION 2 - Secure Web programming (part I)
- Injection flaws
- Broken authentication and session management
- Cross-site scripting flaws
- Insecure Direct Object References
- Security misconfiguration
- Sensitive data exposure
- Missing function level access control
SESSION 3 - Secure Web programming (part II)
- Cross-Site Request Forgery (CSRF)
- Using components with known vulnerabilities
- Unvalidated redirects and forwards
- Workshop summary
- HackMe Contest
3 March (9:00 - 13:00)
SESSION 4 - Coding and analysis
- Code review strategies and techniques
- From riddle to Heartbleed – catch the bug!
- Review of free static source code analyzers
- Workshop: automated source code analysis
After the training the lecturers will be available for questions and discussion.
Preregistration form questions
Which programming languages do you know, use and plan to use in the GEANT project?
Please use: 0 - never used, 1 - used for some little projects, 2 - quite familiar, 3 - expert.
How do you rate your security knowledge?
0 - no experience
1 - I just know what SQL injection and XSS means
2 - I am familiar with most of the topics in the agenda