Introduction to Web Application Security - A Technical Overview

1 Day Live Online
Adjustable to meet your needs.
Individual Online:
When training eight or more people, onsite team training offers a more affordable and convenient option.

Understanding Web Application Security is an essential application security training course for technical leads, project managers, testing/QA personnel and other stakeholders who need to understand the issues and concepts associated with secure web applications. During this dynamic one-day seminar, students learn the best practices for designing, implementing, and deploying secure web applications. Perhaps just as significantly, students learn about current, real examples that illustrate the potential consequences of not following these best practices.

Understand the concepts and terminology behind defensive, secure coding
Appreciate the magnitude of the problems associated with web application security and the potential risks associated with those problems
Understand the use of Threat Modeling as a tool for identifying software vulnerabilities based on realistic threats against meaningful assets
Understand the consequences of not properly handling untrusted data, such as denial of service, cross-site scripting, and injection
Understand the vulnerabilities associated with authentication and authorization
Understand techniques and measures that can be used to harden web and application servers as well as other components in your infrastructure
Recognize the potential vulnerabilities and defenses for the processing of XML in web services and Ajax
Upcoming Dates and Locations

There aren’t any public sessions currently scheduled for this course, but if you fill out the form below, we can tell you about how we can bring this course to you!

Course Outline

Part 1: Misconceptions

  1. Security: The Complete Picture
  2. TJX: Anatomy of a Disaster?
  3. Causes of Data Breaches
  4. Heartland – Slipping Past PCI Compliance
  5. Target's Painful Christmas
  6. Meaning of Being Compliant
  7. Verizon's 2013 and 2014 Data Breach Reports

Part 2: Security Concepts

  1. Motivations: Costs and Standards
  2. Open Web Application Security Project
  3. Web Application Security Consortium
  4. CERT Secure Coding Standards
  5. Assets are the Targets
  6. Security Activities Cost Resources
  7. Threat Modeling
  8. System/Trust Boundaries

Part 3: Principles of Information Security

  1. Security Is a Lifecycle Issue
  2. Minimize Attack Surface Area
  3. Layers of Defense: Tenacious D
  4. Compartmentalize
  5. Consider All Application States
  6. Do NOT Trust the Untrusted

Part 4: Vulnerabilities

  1. Unvalidated Input
  2. Broken Access Control
  3. Broken Authentication
  4. Cross Site Scripting (XSS)
  5. Injection
  6. Error Handling and Information Leakage
  7. Insecure Data Handling
  8. Insecure Configuration Management
  9. Direct Object Access
  10. Spoofing and Redirects

Part 5: Understanding What's Important

  1. Common Vulnerabilities and Exposures
  2. OWASP Top Ten for 2013
  3. CWE/SANS Top 25 Most Dangerous SW Errors
  4. Monster Mitigations
  5. Strength Training: Project Teams/Developers
  6. Strength Training: IT Organizations

Part 6: Defending XML, Services, and Rich Interfaces

  1. Safe XML Processing
  2. Web Service Security Exposures
  3. WS-Security Roadmap
  4. XWSS Provides Many Functions
  5. Three Basic Tenets for Safe Rich Interfaces
  6. OWASP REST Security Recommendations

Part 7: Secure Software Development (SDL)

  1. SDL Process Overview
  2. Applying Processes and Practices
  3. Threat Modeling

Part 8: Security Testing

  1. Testing Principles
  2. Reviews as Form of Testing
  3. Testing
  4. Tools
  5. Testing Practices

Who should attend

This course is designed for web application project stakeholders who wish to get up and running on developing well-defended web applications. Attendees should have a minimum of 2 years of working knowledge in the IT industry, and ideally, students should have a basic understanding of web applications and the associated technologies.
