Description
Target Audience
This course is designed for developers and architects who want to learn proven practices for writing more secure applications.
Prerequisites
Participants should have:
- Basic understanding of programming in an object-oriented language (C#, Java, JavaScript, etc.)
- Experience with standalone application development
- Basic understanding of web technologies, APIs, and HTTP (recommended)
Course Agenda
- Introduction to Secure Development
We start by examining common security failures developers face in the real world. What are attackers really after? Why do security vulnerabilities occur? We’ll cover the fundamental goals of secure coding, introduce the CIA triad (Confidentiality, Integrity, Availability), and explore STRIDE as a systematic way to think about threats. This foundational session sets the security mindset for the rest of the day.
- Unicode and Encoding Security
Improper Unicode handling is a subtle but dangerous source of vulnerabilities. This module explains why character encoding matters and how it affects string comparisons, log files, and user input processing. You’ll discover how attackers can exploit applications that mix encodings or skip normalization, and why consistent Unicode handling is a critical component of secure input validation.
- Securing Dependencies and Supply Chain
Modern applications rely heavily on third-party libraries and packages. But what happens when one of them is compromised? This session covers the growing risks of typosquatting attacks, dependency confusion, and compromised packages. Learn how to secure your build servers, implement dependency scanning, and track your components using a Software Bill of Materials (SBOM). Understand why your supply chain is part of your attack surface.
- Denial of Service Protection
Denial of Service (DoS) attacks aren’t limited to network flooding. They can target your application logic directly. We’ll examine real-world examples of DoS vulnerabilities through regular expressions (ReDoS), XML parsing bombs, large file uploads, and other resource-intensive operations. Learn practical techniques to detect these risks and implement protection through rate limiting, input validation, and safe defaults.
- Session Security and Authentication
Once users are authenticated, their sessions become high-value targets for attackers. This module explores common attacks on sessions and cookies, how stolen credentials are exploited, and proven methods to protect them. We’ll also cover Multi-Factor Authentication (MFA), phishing-resistant authentication methods, and techniques to detect when your session management has been compromised.
- Cryptography: Keys, Certificates, and Signatures
Asymmetric cryptography powers modern security, from secure communications to data integrity verification. This hands-on session explores how private and public keys, certificates, and digital signatures work in real systems. Learn when and how to apply these tools effectively.
- Modern Authentication with OpenID Connect
This final module introduces the fundamentals of OpenID Connect and OAuth 2.0, the backbone of modern authentication systems. Gain a practical understanding of how contemporary authentication flows work, how tokens are used securely, and the role of identity providers in today’s distributed applications. This overview connects theory to real-world implementations and prepares you for deeper exploration of modern identity systems.
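As an added illustration of the Unicode and Encoding Security module (example code written for this page, not course material), the block below shows two of the checks that module is about: canonicalizing an identifier before comparing it, so that full-width letters, ligatures and the Kelvin sign cannot impersonate an ASCII name or smuggle a newline into a log line, and refusing byte input that is not strict UTF-8, so that an overlong encoding such as `C0 AF` for `/` is never silently decoded. The sample identifiers are constructed for the demonstration.

```python
import unicodedata

# Constructed sample inputs (not from the course page): strings that look like
# "admin", "kelvin" and "office" but use non-ASCII code points.
SAMPLES = {
    "fullwidth_admin": "\uff41\uff44\uff4d\uff49\uff4e",  # full-width a d m i n
    "kelvin_sign":     "\u212aelvin",                      # KELVIN SIGN + "elvin"
    "ffi_ligature":    "o\ufb03ce",                        # U+FB03 'ffi' ligature
    "log_injection":   "alice\n[INFO] login ok for admin", # newline smuggled in
}


def canonicalize(identifier: str) -> str:
    """Return the form of an identifier that should be stored and compared.

    NFKC maps compatibility characters (full-width letters, ligatures, the
    Kelvin sign) onto their ordinary equivalents and casefold() removes case
    differences in a locale-independent way. Normalization happens first so
    the category check below sees the code points that will actually be kept.
    Any "C*" category (control, format, surrogate, private-use, unassigned)
    is rejected: those characters have no place in a username and are the
    ones that end up as newlines in log files or NULs in native APIs.
    """
    canonical = unicodedata.normalize("NFKC", identifier).casefold()
    for ch in canonical:
        if unicodedata.category(ch).startswith("C"):
            raise ValueError(
                f"disallowed character U+{ord(ch):04X} in identifier"
            )
    return canonical


def same_identifier(a: str, b: str) -> bool:
    """Compare two identifiers after canonicalization, never byte-for-byte."""
    return canonicalize(a) == canonicalize(b)


def is_strict_utf8(data: bytes) -> bool:
    """True only if the bytes are well-formed UTF-8.

    Python's strict decoder rejects overlong forms (b"\\xc0\\xaf" for "/"),
    lone surrogates and truncated sequences; falling back to another encoding
    on failure is exactly the mixed-encoding behaviour attackers rely on.
    """
    try:
        data.decode("utf-8")  # errors="strict" is the default
        return True
    except UnicodeDecodeError:
        return False


if __name__ == "__main__":
    for name, value in SAMPLES.items():
        try:
            print(f"{name:16} -> {canonicalize(value)!r}")
        except ValueError as exc:
            print(f"{name:16} -> rejected: {exc}")
    print("overlong slash accepted:", is_strict_utf8(b"\xc0\xaf"))
```

Run the same comparison on the raw strings and `"admin" == SAMPLES["fullwidth_admin"]` is `False`, which is the bug the module describes: a uniqueness check or an allow-list that compares unnormalized input lets a second "admin" register.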
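For the Denial of Service Protection module, here is an added example (written for this page, not course code) of the two "safe default" controls the module lists: a per-client token-bucket rate limiter and a bounded body reader that refuses an oversized upload without first buffering it. The clock is injected so the behaviour can be checked deterministically; `FakeClock`, the limits and the client names are assumptions made for the demonstration.

```python
import io
import time


class FakeClock:
    """Constructed test clock so refill behaviour can be exercised offline."""

    def __init__(self, start: float = 0.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class TokenBucket:
    """Per-client token bucket: `capacity` requests may burst, then
    `refill_per_sec` requests per second are allowed on average."""

    def __init__(self, capacity: int, refill_per_sec: float, clock=time.monotonic):
        self.capacity = capacity
        self.rate = refill_per_sec
        self.clock = clock
        self._state = {}  # client -> (tokens, last_seen)

    def allow(self, client: str) -> bool:
        now = self.clock()
        tokens, last = self._state.get(client, (float(self.capacity), now))
        # Refill proportionally to elapsed time, never above capacity.
        tokens = min(float(self.capacity), tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self._state[client] = (tokens - 1.0, now)
            return True
        self._state[client] = (tokens, now)
        return False


class PayloadTooLarge(Exception):
    pass


def read_bounded(stream, max_bytes: int) -> bytes:
    """Read at most `max_bytes` from a binary stream.

    Asking for one byte more than the limit detects an oversized body without
    reading the rest of it, so a 10 GB upload costs at most max_bytes + 1 of
    memory before it is rejected. Always apply this before parsing (XML, JSON,
    multipart), since parser bombs start with an unbounded read.
    """
    data = stream.read(max_bytes + 1)
    if len(data) > max_bytes:
        raise PayloadTooLarge(f"body exceeds {max_bytes} bytes")
    return data


def handle_upload(bucket: TokenBucket, client: str, body: bytes,
                  max_bytes: int = 1024) -> str:
    """Order matters: the cheap rate-limit check runs before any byte is read."""
    if not bucket.allow(client):
        return "429 Too Many Requests"
    try:
        data = read_bounded(io.BytesIO(body), max_bytes)
    except PayloadTooLarge:
        return "413 Payload Too Large"
    return f"200 OK ({len(data)} bytes)"


if __name__ == "__main__":
    clock = FakeClock()
    bucket = TokenBucket(capacity=3, refill_per_sec=1.0, clock=clock)
    for _ in range(4):
        print(handle_upload(bucket, "10.0.0.5", b"x" * 100))
    clock.advance(2.0)
    print(handle_upload(bucket, "10.0.0.5", b"x" * 5000))
```

The bucket is keyed on whatever identifies the client (source address, API key, session), and the body limit is a fixed number chosen per endpoint; both should be conservative by default and widened only for the routes that need it.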
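As an added worked example for the OpenID Connect module (written for this page, not course material), the block below builds the client side of an authorization code request with PKCE, `state` and `nonce`, and validates the redirect back. The PKCE challenge is the S256 transform from RFC 7636, and the verifier/challenge pair in the `__main__` block is the test vector from that RFC's Appendix B. The issuer URL, client id and redirect URI are placeholders; checking the `nonce` inside the ID token and verifying its signature happen later in the flow and are not shown here.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


def b64url(data: bytes) -> str:
    """base64url without padding, as required for PKCE values."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    """43-character verifier (32 random bytes), within RFC 7636's 43..128 range.
    It stays on the client; only its hash leaves in the front channel."""
    return b64url(secrets.token_bytes(32))


def code_challenge(verifier: str) -> str:
    """S256: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_request(authorize_url: str, client_id: str,
                                redirect_uri: str, verifier: str,
                                state: str, nonce: str) -> str:
    """Front-channel request. `state` binds the callback to this browser
    session (CSRF/mix-up defence); `nonce` later binds the ID token to it."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid profile",
        "state": state,
        "nonce": nonce,
        "code_challenge": code_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{authorize_url}?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Validate the redirect and return the authorization code.

    The stored state is compared in constant time and checked *before* the
    code is touched; a mismatch means the response was not initiated by this
    session and must be dropped, not retried.
    """
    query = parse_qs(urlparse(callback_url).query)
    received_state = query.get("state", [""])[0]
    if not hmac.compare_digest(received_state, expected_state):
        raise ValueError("state mismatch: callback not bound to this session")
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("callback must carry exactly one code")
    return codes[0]


if __name__ == "__main__":
    # RFC 7636 Appendix B test vector.
    rfc_verifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
    print("challenge matches RFC:",
          code_challenge(rfc_verifier) == "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM")

    verifier, state, nonce = make_code_verifier(), b64url(secrets.token_bytes(16)), b64url(secrets.token_bytes(16))
    url = build_authorization_request("https://idp.example/authorize", "demo-client",
                                      "https://app.example/cb", verifier, state, nonce)
    print(url)
    # Constructed callback as the browser would present it after login.
    callback = f"https://app.example/cb?code=SplxlOBeZQQYbYS6WxSbIA&state={state}"
    print("code:", parse_callback(callback, state))
```

The code returned here is then exchanged at the token endpoint (back channel) together with `verifier`, which is what stops an attacker who intercepted the code from redeeming it; that request, and the ID token checks that follow, are the part of the flow the module covers next.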
Reviews
There are no reviews yet.