Navigating the web security landscape

Web security is becoming increasingly important, especially with the rise in attacks coming from criminal organizations, activists or even business competitors. As the media attention for security incidents is steadily increasing, building better and more secure applications quickly becomes a competitive advantage. The web security landscape has drastically changed in the last five years, as numerous new attacks have emerged, and more than a dozen new security technologies have been added to the browser.

With our web security training program at imec-DistriNet, we provide you with much-needed insights into current and future threats, state-of-practice defenses and upcoming technologies. Contrary to common practice, our trainings cover more than practical deployment guidelines. We not only explain the reasoning behind the design of new security technologies, but also focus on the integration of these security technologies in current applications, and their potential implications on legacy software.

I would recommend the Web Security Essentials training to all web developers and architects: the balance between the slide sessions and the practical labs made the course a joyful full-immersion in the security field.

Nicola Di Giorgio, Software Architect/CEO, PREGIOTEK sprl

Addressing your training needs

Each organization has its own specific development processes, with varying levels of maturity on the different aspects throughout the cycle. Whether you want to raise awareness among your entire development staff with a basic security training course, or you want a dedicated team to gain thorough security knowledge, we offer customized trainings to address your specific needs.

One example of what an extensive training looks like is our Progressive Web Security course. This 4-day training course takes a deep dive into modern web security, and covers a large part of the web security landscape. We not only teach this course in-house at companies, but also recurrently host it at imec-DistriNet. The course has been attended by developers, system administrators and project managers, and received great reviews across the board, as you can see below.

I arrived at Philippe’s web security course with some general technical knowledge of vulnerabilities that online users and developers may face, but left with hours of practical experience of dealing with a much wider and up-to-date range of cases and attacks, facing them as an attacker, as a user, as a developer or as a systems administrator. Some very common security myths have been debunked, and I left with a large set of theoretical knowledge and practical weapons to fight the attackers in many cases. Philippe was also very attentive to provide practical context that applied to all of the students’ real life and work cases, and how to properly handle those to avoid all damage to sensitive data and resources. Thanks Philippe!

Alexandre Istratov, R&D Software Architect, Efficy

Each of the four days in the course tackles an important aspect of building a secure web application. Throughout the course, we cover the following topics:

  1. Why simply deploying HTTPS will not get you an A+ grade
  2. How to avoid common pitfalls in authentication and authorization on the Web
  3. Why modern security technologies will eradicate Cross-Site Scripting
  4. Four new browser communication mechanisms, and how they affect your application

I have attended all 4 of the security seminars taught by Philippe and it is a must-do for every software engineer. Essential security concepts, mechanisms, vulnerabilities and countermeasures are explained in detail with vivid examples of how catastrophic the consequences could be if a software engineer chooses to ignore them. Philippe explains very thoroughly, yet in a very interesting and clear fashion, how elementary it is for malicious users to exploit a vulnerability. Obviously and most importantly, countermeasures are presented to help us engineers fix the problems systematically and protect our valuable software systems. The seminars switch between a top-down solid theory behind the security problems and their solutions and hands-on sessions to demonstrate those problems and try the countermeasures in practice.

Aram Hovsepyan, CEO, Codific