Web Security always is the impotent issue in web development. To face the newest threat of web vulnerability, keep learning to improve yourself and understand the root cause of vulnerability is the most impotent thing.
In the advanced level course, we will introduce the OWASP TOP 10 basic web vulnerabilities, trainer will use the real world used cases to help students learn from basic to advanced. During the step by step laboratories to introduce the potential web attacks caused by the newest web development techniques and tools. In the end, we will introduce the method and theory of many web security defending mechanisms. And explain how to defend those threats in the future.
In this lab, we will use the tool developed by trainer insteat of the comment web security exercise page. (Such as DVWA, WebGoat, etc)
Background knowledge:
- Know HTML, javascript
- Know how HTTP work
- Know some basic knowledge of web security
Tool:
- Know python
- Know docker
Good to have:
- Experience of web development
- Experience of any web front-end famework
- Experience of developing tool
Ubuntu (14.04 or 16.04) with docker installed
蘇學翔 (SYUE-SIANG SU) a.k.a. Boik
2 years experience in computer security focus on web security. He is active in promoting computer security and CTF in National Sun Yat-sen University.
Recently contribute some open source project in github.
TDOH system reacher team, 4th place of F-Secure Taiwan IT Security Competition, 2nd place of Vulreport vulnerability report points race, member of Bamboofox.