Defending Web Applications Security Essentials Training Course Hands-on
Defending Web Applications Security Essentials Training is the course to take if you have to defend web applications!
The quantity and importance of data entrusted to web applications is growing, and defenders need to learn how to secure them. Traditional network defenses, such as firewalls, fail to secure web applications, because the attacks arrive inside ordinary HTTP requests that the firewall must allow through. DEV522 covers the OWASP Top 10 Risks and will help you better understand web application vulnerabilities, thus enabling you to properly defend your organization's web assets.
Mitigation strategies from an infrastructure, architecture, and coding perspective will be discussed alongside real-world examples of mitigations that have been proven to work. The testing aspect of vulnerabilities will also be covered so that you can ensure your application is tested for the vulnerabilities discussed in class.
To maximize the benefit for a wider range of audiences, the discussions in this Defending Web Applications Security Essentials Training course will be programming language agnostic. Focus will be maintained on security strategies rather than coding-level implementation.
Defending Web Applications Security Essentials Training is intended for anyone tasked with implementing, managing, or protecting Web applications. It is particularly well suited to application security analysts, developers, application architects, pen testers, auditors who are interested in recommending proper mitigations for web security issues, and infrastructure security professionals who have an interest in better defending their web applications.
Duration: 6 days
• We can adapt this course to your group’s background and work requirements at little to no added cost.
• If you are familiar with some aspects of this Defending Web Applications Security Essentials Training course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the course in a manner understandable to lay audiences.
Audience / Target Group
The target audience for this Defending Web Applications Security Essentials Training course is defined here:
• Application developers
• Application security analysts or managers
• Application architects
• Penetration testers who are interested in learning about defensive strategies
• Security professionals who are interested in learning about web application security
• Auditors who need to understand defensive mechanisms in web applications
• Employees of PCI-compliant organizations who need to be trained to comply with PCI requirements
Defending Web Applications Security Essentials Training - Objectives:
After completing this Defending Web Applications Security Essentials Training course, attendees will be able to:
• Understand the major risks and common vulnerabilities related to web applications through real-world examples.
• Mitigate common security vulnerabilities in web applications using proper coding techniques, software components, configurations, and defensive architecture.
• Understand the best practices in various domains of web application security such as authentication, access control, and input validation.
• Fulfill the training requirement as stated in PCI DSS 6.5.
• Deploy and consume web services (SOAP and REST) in a more secure fashion.
• Proactively deploy cutting-edge defensive mechanisms such as the defensive HTTP response headers and Content Security Policy to improve the security of web applications.
• Strategically roll out a web application security program in a large environment.
• Incorporate advanced web technologies such as HTML5 and AJAX cross-domain requests into applications in a safe and secure manner.
• Develop strategies to assess the security posture of multiple web applications.
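The two objectives above on defensive HTTP response headers and Content Security Policy, and on assessing the posture of many applications at once, are the kind of thing a small script can check. The following is an added example written for this page; it is not course material and not code from the course vendor. It audits a captured set of response headers offline: the header names and the checks applied to them are standard, but the two sample responses, the header list chosen as "required", and the function names are assumptions made for the illustration.

```python
"""Added example: offline audit of defensive HTTP response headers and CSP.

The sample responses below are constructed for illustration, not captured
from any real site. Header names are case-insensitive per RFC 9110, so the
checks normalise them before comparing.
"""
from typing import Callable, Dict, List

# Headers a hardened response is expected to carry, each with the check its value
# must pass. The set is a reasonable baseline, not an exhaustive standard.
REQUIRED_HEADERS: Dict[str, Callable[[str], bool]] = {
    "strict-transport-security": lambda v: "max-age=" in v.lower(),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "content-security-policy": lambda v: bool(v.strip()),
}


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Split a CSP string into {directive: [source expressions]}.

    Directives are ';'-separated; the first token is the directive name and the
    remaining whitespace-separated tokens are its sources.
    """
    directives: Dict[str, List[str]] = {}
    for part in policy.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def csp_findings(policy: str) -> List[str]:
    """Flag the CSP weaknesses that most often make XSS exploitable anyway."""
    findings: List[str] = []
    csp = parse_csp(policy)
    # script-src falls back to default-src when absent; with neither present,
    # the policy places no restriction on script execution at all.
    script_src = csp.get("script-src", csp.get("default-src"))
    if script_src is None:
        findings.append("CSP: no script-src or default-src, scripts are unrestricted")
    else:
        for weak in ("'unsafe-inline'", "'unsafe-eval'", "*"):
            if weak in script_src:
                findings.append(f"CSP: script-src allows {weak}")
    # object-src also falls back to default-src; plugins are a classic bypass.
    if "object-src" not in csp and "default-src" not in csp:
        findings.append("CSP: object-src not restricted (set object-src 'none')")
    return findings


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return findings for one response; an empty list means every check passed."""
    lower = {name.lower(): value for name, value in headers.items()}
    findings: List[str] = []
    for name, ok in REQUIRED_HEADERS.items():
        if name not in lower:
            findings.append(f"missing {name}")
        elif not ok(lower[name]):
            findings.append(f"weak {name}: {lower[name]}")
    if "content-security-policy" in lower:
        findings.extend(csp_findings(lower["content-security-policy"]))
    return findings


# Constructed sample: a typical "nothing configured" response.
WEAK_RESPONSE = {
    "Content-Type": "text/html",
    "X-Frame-Options": "ALLOWALL",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
}

# Constructed sample: the same application after hardening.
HARDENED_RESPONSE = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": (
        "default-src 'none'; script-src 'self'; style-src 'self'; "
        "img-src 'self'; object-src 'none'; frame-ancestors 'none'"
    ),
}

if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {audit_headers(response) or 'no findings'}")
```

Run across headers captured from each application in an inventory, the same function gives a comparable list of findings per application, which is the starting point for the prioritised rollout the objectives describe. Note that `audit_headers` only inspects what the server sent; whether the CSP is actually enforced in the browser still has to be verified in the application itself.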
Defending Web Applications Security Essentials Training - Course Content:
Web Basics and Authentication Security
Overview of web technologies
Web application architecture
Recent attack trends
Authentication vulnerabilities and defense
Web Application Common Vulnerabilities and Mitigations
SSL vulnerabilities and testing
Proper encryption use in web applications
Session vulnerabilities and testing
Cross-site request forgery
Business logic flaws
Input-related flaws and related defenses
SQL injection vulnerabilities, testing, and defense
Proactive Defense and Operation Security
Cross-site scripting vulnerability and defenses
Web environment configuration security
Intrusion detection in web applications
AJAX and Web Services Security
Web services overview
Security in parsing of XML
AJAX technologies overview
AJAX attack trends and common attacks
Cutting-Edge Web Security
Java applet security
Single-sign-on solution and security
IPv6 impact on web security
Capture and Defend the Flag Exercise
Mitigation of server configuration errors
Discovering and mitigating coding problems
Testing business logic issues and fixing problems
Web services testing and security problem mitigation
Reinforcement through exercises of key topics discussed throughout the course.