This course will introduce modern web security, with a focus on HTTPS and the Secure Socket Layer (SSL) standard. In the age of the modern web application, security has to be taken very seriously. Applications written to work without an eye for security - storing information in cookies and plain-text HTTP - can leak sensitive user information and cause enormous business risk.

This is a deep, one-day introduction intended to get IT managers and analysts from a basic understanding of cryptography to a complete understanding of security in the modern web stack. The instructor has over a decade of experience working on with web application design and development. We will use examples from real life to illustrate the instruction.

At the end of this course, attendees will:

• Understand the need for web security, and the different techniques available secure web applications
• Learn the basics of modern cryptography, including encryption algorithms, public key infrastructure, hashing, and the underlying theory from discrete mathematics
• Gain knowledge of protocol-level security mechanisms, attack vectors, and best practices, with a focus on HTTPS and SSL.

Aimed at analysts, developers, and engineers. Web security will be described in a language-independent way, but examples will be used from Java to illustrate concepts in practice.

Basic background in programming with a mainstream programming language will be helpful but is not necessary.

Short instruction sections will be separated by 30m labs, featuring hands-on examples.