Security experts agree that the least effective approach to security is "penetrate and patch". It is far more effective to "bake" security into an application throughout its lifecycle. After spending significant time examining a poorly designed (from a security perspective) web application, developers are ready to learn how to build secure web applications starting at project inception. The final portion of this course builds on the previously learned mechanics of building defenses by exploring how design and analysis can be used to build stronger applications from the beginning of the software lifecycle. The Secure Web Application Development Overview is geared for web developers and technical stakeholders who need to produce secure web applications, integrating security measures
* Actual course outline may vary depending on offering center. Contact your sales representative for more information.
Learning Objectives
Students who attend Secure Web Application Development will gain an understanding of how to recognize actual and potential software vulnerabilities, implement defenses for those vulnerabilities, and test those defenses for sufficiency. This course introduces the most common security vulnerabilities faced by web applications today. Each vulnerability is examined from a coding perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing, implementing, and testing effective defenses.
Guided by our application security expert, attendees will explore how to:
Ensure that any hacking and bug hunting is performed in a safe and appropriate manner
Identify defect/bug reporting mechanisms within their organizations
Set up and use various tools and techniques to determine a web application's operational environment
Set up and use various tools and techniques to enumerate all aspects of a web application
Set up and use various tools and techniques to scan a web application for vulnerabilities
Work with specific tools for targeted vulnerabilities
Avoid common mistakes that are made in bug hunting and vulnerability testing
Understand the concepts and terminology behind defensive, secure coding including the phases and goals of a typical exploit
Develop an appreciation for the need and value of a multilayered defense in depth
Understand potential sources for untrusted data
Understand the consequences of not properly handling untrusted data, such as denial of service, cross-site scripting, and injection
Test web applications with various attack techniques to determine the existence and effectiveness of layered defenses
Prevent and defend against the many potential vulnerabilities associated with untrusted data
Understand the vulnerabilities associated with authentication and authorization
Detect, attack, and implement defenses for authentication and authorization functionality and services
Understand the dangers and mechanisms behind Cross-Site Scripting (XSS) and Injection attacks
Detect, attack, and implement defenses against XSS and Injection attacks
Understand the risks associated with XML processing, file uploads, and server-side interpreters and how to best eliminate or mitigate those risks
Learn the strengths, limitations, and use for tools such as code scanners, dynamic scanners, and web application firewalls (WAFs)
$1,695
Length: 2.0 days (16 hours)
Course Schedule:
6:00 PM ET