Application Development & Programming Training Icon
Information Security Training Courses Icon

Introduction to Web Application Security - A Technical Overview


1 Day
Live Online

Expertise Level: Intermediate
Certification
Live Online Registration
Live Online:
$895.00
Private Onsite Package

This course can be tailored to your needs for private, onsite delivery at your location.

Learn More About Enterprise Team Training

Overview

Understanding Web Application Security is an essential application security training course for technical leads, project managers, testing/QA personnel and other stakeholders who need to understand the issues and concepts associated with secure web applications. During this one day dynamic seminar, students learn the best practices for designing, implementing, and deploying secure web applications. Perhaps just as significantly, students learn about current, real examples that illustrate the potential consequences of not following these best practices.

Understand the concepts and terminology behind defensive, secure, coding
Appreciate the magnitude of the problems associated with web application security and the potential risks associated with those problems
Understand the use of Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
Understand the consequences for not properly handling untrusted data such as denial of service, cross-site scripting, and injections
Understand the vulnerabilities of associated with authentication and authorization
Understand techniques and measures that can used to harden web and application servers as well as other components in your infrastructure
Relate to the potential vulnerabilities and defenses for the processing of XML in web services and Ajax
Upcoming Dates and Locations
Guaranteed To Run

There aren’t any public sessions currently scheduled for this course, but if you fill out the form below, we can tell you about how we can bring this course to you!

Course Outline

Introduction: Misconceptions

  • Security: The Complete Picture
  • TJX: Anatomy of a Disaster?
  • Causes of Data Breaches
  • Heartland – Slipping Past PCI Compliance
  • Target's Painful Christmas
  • Meaning of Being Compliant
  • Verizon's 2013 and 2014 Data Breach Reports

Session: Security Concepts

  • Motivations: Costs and Standards
  • Open Web Application Security Project
  • Web Application Security Consortium
  • CERT Secure Coding Standards
  • Assets are the Targets
  • Security Activities Cost Resources
  • Threat Modeling
  • System/Trust Boundaries

Session: Principles of Information Security

  • Security Is a Lifecycle Issue
  • Minimize Attack Surface Area
  • Layers of Defense: Tenacious D
  • Compartmentalize
  • Consider All Application States
  • Do NOT Trust the Untrusted

Session: Vulnerabilities

  • Unvalidated Input
  • Broken Access Control
  • Broken Authentication
  • Cross Site Scripting (XSS)
  • Injection
  • Error Handling and Information Leakage
  • Insecure Data Handling
  • Insecure Configuration Management
  • Direct Object Access
  • Spoofing and Redirects

Session: Understanding What's Important

  • Common Vulnerabilities and Exposures
  • OWASP Top Ten for 2013
  • CWE/SANS Top 25 Most Dangerous SW Errors
  • Monster Mitigations
  • Strength Training: Project Teams/Developers
  • Strength Training: IT Organizations

Session: Defending XML, Services, and Rich Interfaces

  • Safe XML Processing
  • Web Service Security Exposures
  • WS-Security Roadmap
  • XWSS Provides Many Functions
  • Three Basic Tenets for Safe Rich
  • Interfaces
  • OWASP REST Security Recommendations

Session: Secure Software Development (SDL)

  • SDL Process Overview
  • Applying Processes and Practices
  • Threat Modelling

Session: Security Testing

  • Testing Principles
  • Reviews as Form of Testing
  • Testing
  • Tools
  • Testing Practices
Who should attend

This is course designed for web application project stakeholders who wish to get up and running on developing well defended web applications. Attendees should have a minimum of 2 years working knowledge in the IT industry, and ideally, students should have a basic understanding of web applications and the associated technologies.

Yes, this course looks perfect for my needs!

Download the brochure