Securing Web Applications, Services and Servers: Hands-On
Course: 940
Type: Hands-On Training
Duration: 4 Days
You Will Learn How To
- Implement and test secure Web applications in your organization
- Identify, diagnose and correct the most serious Web application vulnerabilities
- Configure a Web server to encrypt Web traffic with HTTPS
- Protect Ajax-powered Web 2.0 applications
- Secure XML Web services with WS-Security
- Audit Web application security with source-code and application scanning
Course Benefits
Attackers today are targeting Web application vulnerabilities more than operating systems and networks. These vulnerabilities can be exploited to obtain confidential information and compromise organizational integrity. As a result, organizations must integrate robust security measures into the Web application development process. This course provides in-depth, hands-on experience securing Web-based applications and host servers.
Who Should Attend
Those who want to implement, test and deploy secure Web applications. Experience developing Web applications and a basic knowledge of Web server administration are assumed. No prior knowledge of security is required.
Hands-On Training
Throughout this course, extensive hands-on exercises based on an evolving case study provide you with practical experience in securing applications. Exercises include:
- Creating a trust boundary with proper input validation
- Avoiding cross-site scripting (XSS) and cross-site request forgery (CSRF/XSRF)
- Preventing SQL injection vulnerabilities
- Implementing URL access restrictions
- Detecting unauthorized file system modification
- Enabling HTTPS on a Web server
- Protecting Web services with WS-Security
- Identifying vulnerabilities with an application scanner
Course 940 Content
- Defining threats to your Web assets
- Surveying the legal landscape and privacy issues
- Exploring common vulnerabilities
- Achieving Confidentiality, Integrity and Availability (CIA)
- Performing authentication and authorization
- Distinguishing public- and private-key cryptography
- Verifying message integrity with message digests, digital signatures and digital certificates
- Managing software updates
- Restricting HTTP methods
- Obtaining and installing server certificates
- Enabling HTTPS on the Web server
- Protecting the exchange of credentials
- Configuring permissions correctly
- Scanning for file-system changes
- The Open Web Application Security Project (OWASP) Top Ten
- Recognizing critical security faults
- Remediating identified vulnerabilities
- Uncovering and preventing SQL injection
- Defending against an insecure direct object reference
- Limitations of encrypting database content
- Protecting against session ID hijacking
- Enforcing URL access control
- Blocking cross-site request forgery
- Displaying sanitized error messages to the user
- Handling request and page faults
- Establishing trust boundaries
- Revealing and removing the threat of cross-site scripting (XSS)
- Exposing the dangers of client-side validation
- Preventing E-shoplifting
- Identifying core Ajax components
- Exchanging information asynchronously
- Managing unpredictable interactions
- Exposing JSON vulnerabilities
- Identifying non-terminated tags and field overflows
- Uncovering Web service weaknesses
- Validating input with an XML schema
- Encrypting exchanges with HTTPS
- Implementing WS-Security with a framework
- Authenticating access to Web services
- Matching patterns to identify faults
- "Fuzzing" to discover new or unknown vulnerabilities
- Scanning applications remotely
- Strategies for testing and scanning
- Testing Web applications with Netcat, Cryptcat and Wget
- Intercepting traffic with OWASP WebScarab
- Reducing risk by implementing proven architectures
- Handling personal and financial data
- Developing guidelines for logging
- Modeling threats to reduce risk
- Integrating applications with your network architecture