Security experts agree that the least effective approach to security is "penetrate and patch". It is far more effective to "bake" security into an application throughout its lifecycle. After spending significant time examining a poorly designed (from a security perspective) web application, developers are ready to learn how to build secure web applications starting at project inception. The final portion of this course builds on the previously learned mechanics for building defenses by exploring how design and analysis can be used to build stronger applications from the beginning of the software lifecycle.
The Secure Web Application Development Overview is geared for web developers and technical stakeholders who need to produce secure web applications, integrating security measures into the development process from requirements to deployment and maintenance. This overview-level course explores core concepts and challenges in web application security, showcasing current, real-world examples that illustrate the potential consequences of not following these best practices.
This course is also PCI Compliant.
Students who attend Secure Web Application Development will gain an understanding of how to recognize actual and potential software vulnerabilities, implement defenses for those vulnerabilities, and test those defenses for sufficiency. This course introduces the most common security vulnerabilities faced by web applications today. Each vulnerability is examined from a coding perspective through a process of describing the threat and attack mechanisms, recognizing associated vulnerabilities, and, finally, designing, implementing, and testing effective defenses.
Guided by our application security expert, attendees will explore how to:
Need different skills or topics? If your team requires different topics or tools, additional skills or a custom approach, this course may be further adjusted to accommodate. We offer additional programming, secure coding, secure software development, hacking, database security, bug hunting and other related topics that may be blended with this course for a track that best suits your needs. Our team will collaborate with you to understand your needs and will target the course to focus on your specific learning objectives and goals.
This is an introductory-level course designed for technical application project stakeholders who wish to get up and running on developing well defended web applications. Real-world programming experience is highly recommended for code reviews.
Take After: We offer a variety of introductory through advanced security, development, project management, engineering, architecture and design courses that serve as an excellent follow-on to this course. Please inquire for details.
Please note that this list of topics is based on our standard course offering, evolved from typical industry uses and trends. We’ll work with you to tune this course and level of coverage to target the skills you need most.
Introduction: Misconceptions
Session: Foundation
Lesson: Security Concepts
Lesson: Principles of Information Security
Session: Vulnerabilities
Lesson: Unvalidated Input
Lesson: Overview of Regular Expressions
Lesson: Broken Access Control
Lesson: Broken Authentication
Lesson: Cross Site Scripting (XSS)
Lesson: Injection
Lesson: Error Handling and Information Leakage
Lesson: Insecure Data Handling
Lesson: Insecure Configuration Management
Lesson: Direct Object Access
Lesson: Spoofing and Redirects
Lesson: Understanding What’s Important
Session: Defending XML, Services, and Rich Interfaces
Lesson: Defending XML
Lesson: Defending Web Services
Lesson: Defending Rich Interfaces and REST
Session: Secure Development Lifecycle (SDL)
Lesson: SDL Process Overview
Lesson: Applying Processes and Practices
Lesson: Risk Analysis
Session: Security Testing
Lesson: Testing Tools and Processes
Lesson: Testing Practices
Each student will receive a Student Guide with course notes, code samples, software tutorials, step-by-step written lab instructions, diagrams and related reference materials and links (as applicable). Students will also receive the project files (or code, if applicable) and solutions required for the hands-on work.
Hands-on Setup Made Simple! Our dedicated tech team will work with you to ensure your student machines and learning environment are set up, tested and ready to go well in advance of the course delivery date, ensuring a smooth start to class and seamless hands-on experience for your students. We offer several flexible student machine setup options, including guided manual setup for simple installation directly on student machines, cloud-based / remote hosted lab solutions where students can log in to a complete separate lab environment minus any installations, or complete turn-key, pre-loaded equipment to bring ready-to-go student machines to your students or in-person facility. Please inquire for details.
Please see the current upcoming available open enrollment course dates posted below. Please feel free to Register Online below, or call 844-475-4559 toll free to connect with our Registrar for assistance. If you need additional date options, please contact us for scheduling.
Course Title | Days | Date | Time | Price | |
---|---|---|---|---|---|
Secure Web Applications Overview (Language Neutral Edition) \| Explore OWASP Top Ten, Web Services, Rich Interfaces & More | 2 Days | Mar 10 to Mar 11 | 10:00 AM to 06:00 PM EST | $1,595.00 | Register |
Secure Web Applications Overview (Language Neutral Edition) \| Explore OWASP Top Ten, Web Services, Rich Interfaces & More | 2 Days | Apr 14 to Apr 15 | 10:00 AM to 06:00 PM EST | $1,595.00 | Register |
Secure Web Applications Overview (Language Neutral Edition) \| Explore OWASP Top Ten, Web Services, Rich Interfaces & More | 2 Days | May 20 to May 21 | 10:00 AM to 06:00 PM EST | $1,595.00 | Register |
Secure Web Applications Overview (Language Neutral Edition) \| Explore OWASP Top Ten, Web Services, Rich Interfaces & More | 2 Days | Jul 14 to Jul 15 | 10:00 AM to 06:00 PM EST | $1,595.00 | Register |
Secure Web Applications Overview (Language Neutral Edition) \| Explore OWASP Top Ten, Web Services, Rich Interfaces & More | 2 Days | Aug 25 to Aug 26 | 10:00 AM to 06:00 PM EST | $1,595.00 | Register |