Web Application Security Refresher

Web Application Security

TT8350

Intermediate and Beyond

1 Day

Course Overview

The Best Defense™ Security Training Series is a suite of developer-oriented, application security courses that provide complete coverage of the CWE/SANS Top 25 Most Dangerous Programming Errors (http://cwe.mitre.org/top25/), the OWASP Top Ten for 2013, the Verizon 2014 Data Breach Report, and the WASC Threat Classifications.  These errors, as determined by a consortium of cyber security organizations, enable cyber espionage and crime.  Our comprehensive application security and secure coding classes address each of these critical issues head-on, as our courses, seminars and workshops explicitly:

  • Teach programmers what these errors are
  • Demonstrate, in real terms, the potential impact of each of these errors
  • Provide experience in how to recognize and properly address these errors
  • Teach stakeholders how to defend against the potential consequences of security breaches in other parts of their IT infrastructure
  • Cross-reference the materials, vulnerabilities, and attacks covered with both the OWASP Top 10 and the WASC Threat Classifications
  • Cover the latest security trends and developments, including the Verizon Data Breach Report and the latest from the National Vulnerability Database

Course Objectives

The Web Application Security Refresher is a current, hands-on security training update for experienced enterprise developers who have already had basic web security training and need to be brought up to date on the latest trends and best practices. This course is designed to address the changes in the security landscape that have occurred since the developer's previous security training.


Students walk away from this class with specific action plans for further strengthening their own security skills while also applying specific measures to ongoing or upcoming projects to improve their security. Working in a lab-intensive, hands-on programming environment, guided by our expert security team, students will:

  • Review the latest security trends and vulnerability reports
  • Dig into the underlying causes for recent, high-value exploits
  • Learn and implement the latest defenses against complex and dangerous attacks
  • Leave with an action plan for improving their security knowledge and rolling that out to other team members

Course Prerequisites

This is an intermediate-level JEE programming course, designed for developers who wish to get up and running on developing well-defended software applications. This course may be customized to suit your team’s unique objectives.


Familiarity with Java and JEE is required, and real-world programming experience is highly recommended. Ideally, students should have approximately 6 months to a year of working knowledge of Java and JEE. In addition, it is assumed that developers will have had extensive secure coding training in the past.

Course Agenda

Session: Foundation


Lesson: The Current Picture

  • Industry Trends
  • Recent exploits and DoS attacks
  • Target's Painful Christmas
  • Meaning of Being Compliant
  • Verizon’s 2013 and 2014 Data Breach Reports
  • Verizon AppSec Recommendations


Lesson: Review of Principles of Information Security

  • Security Is a Lifecycle Issue
  • Minimize Attack Surface Area
  • Manage Resources
  • Layers of Defense: Tenacious D
  • Compartmentalize
  • Do NOT Trust the Untrusted


Session: OWASP Top Ten for 2013


Lesson: OWASP Top Ten Overview

  • Goal of the Top Ten
  • Basis for the 2013 Rankings
  • Application Security Risks
  • Risk in Your World


Lesson: OWASP Top Ten for 2013

  • Injection
  • Broken Authentication and Session Management
  • Cross-Site Scripting
  • Insecure Direct Object References
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Missing Function Level Access Control
  • Cross-Site Request Forgery
  • Using Components with Known Vulnerabilities
  • Unvalidated Redirects and Forwards

Session: Taking the Next Step


Lesson: Understanding What’s Important

  • Common Vulnerabilities and Exposures
  • CWE/SANS Top 25 Most Dangerous SW Errors
  • Monster Mitigations
  • Web Application Security Consortium
  • CERT Secure Coding Standards
  • Threat Analysis Revisited


Lesson: Strengthening Your Security Skills

  • Plan Moving Forward
  • Increasing Core Strengths
    • Weekly Security Workouts
    • Group Activities
  • Maintaining Awareness
    • Consumable Resources

Lesson: Strengthening Project Security

  • Failures of Past Approaches
  • Ruggedizing Software
  • Template for Describing Defenses
  • Proving Defenses Work
  • Application Control
  • Data Protection

Course Materials


Our robust course materials include much more than a simple slideshow presentation handout. Student materials include a comprehensive hard-copy course manual, complete with detailed course notes, code samples, diagrams and current reference materials, all directly related to the course at hand and indexed for ease of use. Step-by-step lab instructions and project descriptions are clearly illustrated and commented for maximum learning.
