Haskell and Infosec

3–5 days

This course is designed for those who have a working knowledge of practical Haskell but little or no knowledge of or experience with information security. During this course you will look at Haskell from an information security point of view, enabling you to answer the following questions: How do security vulnerabilities such as SQL Injection (SQLi) or Cross-Site Scripting (XSS) work? How does a hacker exploit them? What can we, as Haskell programmers, do to prevent them, and how can Haskell help us with that? And what principles can we extract from this to develop more security-aware coding habits?

As part of ZuriHac 2020, we ran a workshop based on a condensed version of this course, which is freely available online.

Topics

  • Introduction to Infosec

  • Injection attacks

  • XSS

  • More Injections

  • CSRF, session hijacking, session fixation

  • Attacking Web Servers at lower levels of the stack

  • Performance-based attacks

  • Managing Security Concerns

  • Defense strategies

  • The Social Side

  • Cryptography, Steganography, Secrecy, Integrity, Identity

  • Authentication & Authorisation

  • Auditing

  • The “modern” web

Duration

The minimum duration of this course is three full days. The course can easily be extended to up to five days by giving more time for additional exercises and examples, covering some of the topics in more detail, and adding some additional topics.

If delivered remotely, it is typically advisable to spread out the course sessions over a few more days, to provide the opportunity for participants to work on exercises and get feedback on their work in between sessions.

Cost

The base price of this course is GBP 4000 (one lecturer, three days, on-site). The base price excludes VAT and any other applicable taxes, as well as travel costs, which depend on the location of the course venue.

Prices for extending the course or adding additional lecturers (for larger on-site groups) are available on request.

We offer on-site consulting in combination with on-site courses at a reduced daily rate.

If you are interested in this course, or for more information, please email us with as many details as possible.