Understanding Web Application Security is an essential application security training course for technical leads, project managers, testing/QA personnel and other stakeholders who need to understand the issues and concepts associated with secure web applications. During this one day dynamic seminar, students learn the best practices for designing, implementing, and deploying secure web applications. Perhaps just as significantly, students learn about current, real examples that illustrate the potential consequences of not following these best practices.
A key component to our Best Defense Security Training Series, this workshop is a companion course with several developer-oriented courses and seminars. Although this edition of the course is language-agnostic, it may also be presented using Java, .Net or other programming languages or environments.
Security experts agree that the least effective approach to security is "penetrate and patch". It is far more effective to "bake" security into an application throughout its lifecycle. This course builds on the mechanics for building defenses by exploring how design, analysis, testing, and QA can be used to build stronger applications from the beginning of the software lifecycle.
Students who attend Understanding Web Application Security will leave this course armed with an understanding of software vulnerabilities, defenses for those vulnerabilities, and testing those defenses for sufficiency. This course quickly introduces the most common security vulnerabilities faced by web applications today. Each vulnerability is examined through a process of describing the threat and attack mechanisms, the associated vulnerabilities, and, finally, designing, implementing, and testing effective defenses. In many cases, there are demonstrations that reinforce these concepts with real vulnerabilities, attacks, and defenses.
Working in an interactive learning environment, attendees will learn to:
The course provides a solid foundation in basic terminology and concepts, extended and built upon throughout the engagement. Students will examine various recognized attacks against web applications. Processes and best practices are discussed and illustrated through both discussions and group activities. Attending students will be led through a series of advanced topics comprised of integrated lectures, group discussions and comprehensive demonstrations.
This is course designed for web application project stakeholders who wish to get up and running on developing well defended web applications. Attendees should have a minimum of 2 years working knowledge in the IT industry, and ideally, students should have a basic understanding of web applications and the associated technologies. Actual development working knowledge is helpful but not necessary.
Introduction: Misconceptions
Session: Security Concepts
Session: Principles of Information Security
Session: Vulnerabilities
Session: Understanding What’s Important
Session: Defending XML, Services, and Rich Interfaces
Session: Secure Software Development (SDL)
Session: Security Testing
NA
Live scheduled classes are listed below or browse our full course catalog anytime
Check out custom training solutions planned around your unique needs and skills.
Exclusive materials, ongoing support and a free live course refresh with every class.
Mix, Match & Master!
2FOR1: Two Courses, One Price!
Enroll in *any* two public courses (for 2023 *OR* 2024 dates!) by December 31, for one price! Learn something new, or share the promo!
Special Offers
Limited Offer for most courses.
SAVE 50%