Securing Web Applications, Barcelona

Two days of hands-on training to build more secure applications


Delivered by the expert instructors of RisingStack.


Peter Czibik, Gergely Nemeth & Tamas Kadlecsik

Tickets

Additional Information

This course is for you if

  • you use Node.js in your organization,
  • you want to understand security in Node.js better,
  • you want to migrate to Node.js,
  • you want hands-on experience building secure servers with Node.js.

Prerequisites

You will get a lot more out of this course if:

  • You have a basic understanding of Node.js.
  • You have or want to build an app using Express or Koa.

The exact location of the venue in Barcelona will be announced later.

Course outline

Day One:

1. Injection

Injection attacks are among the most common attack vectors. They include SQL injection, Cross-Site Scripting (XSS) and attacks through trusted third-party sites. In this section, you will learn what these attacks are and how you can defend your applications against them.

2. Authentication

Learn how you can properly authenticate users, how to handle cookies, how to store passwords and sessions.

3. Cross Site Request Forgery

In this section, we will go through what CSRF is and how attackers might try to exploit it. You will learn how to defend your applications against it.

4. Insecure Dependencies

npm has hundreds of thousands of modules. Sometimes, with an ecosystem this big, security vulnerabilities will be introduced to certain modules. You will learn how you can monitor your dependencies.

Day Two:

5. Default Configurations

Default configurations are sometimes not security-minded. They focus on ease of use and therefore often leave doors open for attackers. We will take a look at how you can secure your deployments with better configurations.

6. Logging

It is crucial to have a detailed audit log of what happens in your systems. With its help, you can investigate issues. However, logging has its own dangers as well, so you need to learn how to be security-minded when developing Node applications.

7. The Human Factor

95% of security problems are the result of some human error, like sending passwords in emails or sharing one user account among multiple people. In this part, we will go through some actionable items to make your company more secure.