Web Security Training with Spring Boot
This training focuses on typical requirements for web applications, raises awareness about the most common security risks and imparts practical knowledge on countermeasures in both theory and practice.

At a glance
General information
2 days practical training
Target group
Software developers and security engineers (basic knowledge of Spring Boot required)
Application examples
Providing Security in Web Applications
Preventing discovered vulnerabilities during development
Description
The training sessions are usually held in German. Please contact us if you are interested in training sessions in English.
Increasingly, IT system security is becoming a focal point for companies. This is because they are exposed to potential threats as a result of their networking, architecture and implementations. Many applications are now available online in the form of web apps or APIs, and a single security vulnerability can be enough for attackers to invade the system and cause damage.
To control this risk, security requirements must be considered from the very start of the software development process. Software developers must be aware of attack vectors in order to identify and avoid typical vulnerabilities. This training focuses on typical requirements for web applications, raises awareness about the most common security risks and imparts practical knowledge on countermeasures in both theory and practice.
On the first day of training, participants are sensitised to the risks of inadequate security in web applications. In addition, the most common problem areas are presented using the OWASP Top 10. To make theoretical knowledge hands-on, participants are given the opportunity to hack an intentionally vulnerable web application themselves. After all, only those who know about an attacker’s capabilities can consider and implement appropriate countermeasures when developing a software project.
On the second day, participants learn how to prevent the discovered vulnerabilities during development itself. The focus here is on the Spring Boot platform. Participants learn how Spring Security’s various security mechanisms are structured, how they can be used correctly and which configurations have proved to be successful in practice. Using a sample project, participants can implement this knowledge directly in the code. The training concludes with an outlook on integrating security measures into agile development processes.
Agenda
Day 1
Motivation: Why is software security important?
- Security as an integral part of modern software systems
- Current threats and requirements
OWASP Top 10
- The ten most common security risks in web applications
- Countermeasures for defence
Live hacking
- Independent discovery and exploitation of vulnerabilities in a provided web app that is deliberately vulnerable
- Becoming familiar with the attack capabilities of an attacker
Day 2
Spring Boot security
- Principles, methods and components
- Secure configuration and operation
Practical section: Securing a basic Spring Boot application
- Identification of classic security pitfalls in a Spring Boot context
- Incremental pitfall removal/securing
Security in agile development projects
- Continuous security in the software development lifecycle
- Best practices for methods and activities
Training forms
Training forms according to your needs: open trainings take place on fixed dates in mixed groups at an inovex location; in-house trainings are booked individually and can be configured as desired.
Inhouse training
- Training agenda customizable to the group and the project
- Confidential atmosphere (trainers are under NDA)
- Configurable according to your needs: place, time, language, tooling
Open training
- Optimal for individuals
- New impulses from other participants
- Getting to know other people interested in tech
Trainers
Our trainers are field-tested experts in their areas of expertise. Through their work in projects, they expand their knowledge day by day and pass on this know-how in their trainings - application-oriented and practice-oriented.

Clemens Hübner

