Secure web of Insecurities

Course Summary:

The major cause of web insecurity is insecure software development practices. This highly intensive and interactive course provides essential application security training for web application, web service and mobile software developers and architects.

Course Duration: 5 days


Course Content:

Description:

The class is a combination of lecture, security testing and code review. Students will learn the most common threats against applications. More importantly, students will learn how to design and code secure web solutions via defense-based code samples, an exploration into the use of third-party security libraries and secure design review. Participants will work together on various secure coding and hacking labs as a class.

Topics to be covered:

  • HTTP Basics and Introduction

  • Input Validation

  • SQL and other Injections

  • Authentication

  • XSS Defense

  • Advanced XSS Defense

  • Content Spoofing and HTML Hacking

  • Access Control

  • Cross Site Request Forgery

  • Clickjacking

  • Cryptography

Who should attend:

  • Web application developers or architects, web security professionals, development managers, penetration testers, application security analysts, infosec professionals and anyone who is tasked with building secure web applications.

Learning outcome:

  • Participants will gain a solid understanding of security architecture for web applications.

  • Participants will gain valuable insight into web application threats and hacking techniques commonly used by hackers.

  • Participants will learn how to conduct risk assessment and fix the vulnerabilities in web applications.

  • Participants will be able to develop a secure web application by:

  •   Building injection-safe server-side applications

  •   Building modern access control functionality for multi-tenant data driven applications

  •   Building an injection-safe user interface

  •   Building a secure authentication mechanism

  •   Storing passwords securely

  •   Building multi-factor authentication mechanisms

  •   Understanding the limits of HTTPS and what to do about it

  •   Implementing multi-layered CSRF and Clickjacking protection

  •   Implementing modern security HTTP Headers

  •   Implementing modern symmetric cryptographic storage

  •   Implementing modern asymmetric crypto