Just wrapped up my second session on Software Quality Engineering co-lecturing with Prof. Dr. Katja Wengler at DHBW Center for Advanced Studies in Heilbronn, Germany, and I’m once again struck by the incredible dynamism of these lectures. The level of engagement always astounds me.
Day 1 was all about DevSecOps and Secure-SDLC, where we dived into secure coding practices, and yes, I couldn't resist touching on LLMs and their impact on secure coding!
Day 2 was even more hands-on. We explored how to detect and exploit vulnerabilities, and we had rich conversations on prevention techniques for each vulnerability identified.
A standout moment was during our live Google Dork demo, where we stumbled upon a SQL injection in the wild: a truly jaw-dropping moment.
And following our discussion on SQL injection prevention, I know for sure that one of the students realised they had some code to fix from just a week ago.
Take a look at the more in-depth description of this workshop:
Secure Coding Training Objectives
This training provides a comprehensive understanding of the most common and dangerous security vulnerabilities in web applications, using the OWASP Top 10 as a reference. Through a combination of theoretical lectures and practical exercises, participants learn to identify critical vulnerabilities in web applications, to understand how attacks on them work, and to take the necessary measures to fix these vulnerabilities and prevent attacks. The training consists of a mix of theory about current threats and real-world examples, and practical exercises that address and handle these threats. Participants have the opportunity to examine an insecure web application (OWASP Juice Shop) using the methods they have learned and to identify vulnerabilities. Once the vulnerabilities have been identified and attacked, the training covers the relevant defensive measures to prevent such attacks, thus providing a useful catalogue of measures for secure programming. Through practical exercises, participants can directly apply the knowledge they have learned and thereby improve their skills in assessing and enhancing the security of web applications.
“To beat a hacker, you need to think like a hacker” – In this training, participants will learn how to develop secure web applications by knowing the OWASP Top 10 vulnerabilities and being able to apply preventive measures. For this, participants will learn to view vulnerabilities from the perspective of an attacker in order to secure them effectively.
“Hacking is like chess, every move must be well thought out” – Participants in this training will learn how to implement effective protective measures against common attack methods such as SQL Injection, Cross-Site Scripting, and Broken Authentication. To this end, participants will learn to apply secure coding measures to effectively counter attackers.
“It’s not a question of if you get hacked, but when” – Participants in this training will learn how to identify and remedy security-critical vulnerabilities in web applications using tools and methods such as penetration tests, automated scans, and code reviews. Participants learn to be proactive and to identify and fix vulnerabilities before they can be exploited by attackers. Methods such as Zero Trust and Defence-in-Depth are presented to show participants how to limit damage in incidents that cannot be avoided.
“The best defence is a good offence” – The goal of this training is to give participants an understanding of how attackers exploit vulnerabilities in web applications and how they can proactively identify and fix these vulnerabilities. To this end, participants learn to proactively take measures to effectively secure their web applications.
“Security is not a product feature, but a design principle” – In this training, participants should learn how to improve the security of web applications through secure coding measures, validation of user inputs, and secure authentication. To this end, participants learn to view secure coding as a fundamental design principle.