This course is designed for those who have a working knowledge of practical Haskell but no or little knowledge of or experience with information security. During this course you will look at Haskell from an information security point of view, enabling you to answer the following questions: How do security vulnerabilities such as SQL Injection (SQLi) or Cross-Site Scripting (XSS) work? How does a hacker exploit them? What can we, as Haskell programmers, do to prevent them, and how can Haskell help us with that? And what principles can we extract from this to develop more security-aware coding habits?
As part of ZuriHac 2020, we ran a workshop based on a condensed version of this course, which is freely available online.
Introduction into Infosec
CSRF, session hijacking, session fixation
Attacking Web Servers at lower levels of the stack
Managing Security Concerns
The Social Side
Cryptography, Steganography, Secrecy, Integrity, Identity
Authentication & Authorisation
The “modern” web
The minimal duration of this course is three full days. The course can easily be extended to up to five days, by giving more time for additional exercises and examples, covering some of topics in more detail, and adding some additional topics.
If delivered remotely, it is typically advisable to spread out the course sessions over a few more days, to provide the opportunity for participants to work on exercises and get feedback on their work in between sessions.
The base price of this course is GBP 4000 (one lecturer, three days, on-site). The base price excludes VAT and any other applicable taxes as well as travel costs which depend on the location of the course venue.
Prices for extending the course or adding additional lecturers (for larger on-site groups) on request.
We offer on-site consulting in combination with on-site courses at a reduced daily rate.
If you are interested in this course, or for more information, please email us with as many details as possible.