The major cause of web insecurity is insecure software development practices. This highly intensive and interactive course provides essential application security training for web application, web service and mobile software developers and architects.
The class is a combination of lecture, security testing and code review. Students will learn the most common threats against applications. More importantly, students will learn how to design and code secure web solutions via defense-based code samples, an exploration into the use of third-party security libraries and secure design review. Participants will work together on various secure coding and hacking labs as a class.
Topics to be covered:
- HTTP Basics and Introduction
- SQL and other Injections
- Advanced XSS Defense
- Content Spoofing and HTML Hacking
- Cross Site Request Forgery
Who should attend:
Web application developers or architects, web security professionals, development managers, penetration testers, application security analysts, infosec professionals and anyone who is tasked with building secure web applications.
- Participants will gain a solid understanding of security architecture for web applications.
- Participants will gain valuable insight into web application threats and the hacking techniques commonly used by attackers.
- Participants will learn how to conduct risk assessments and fix vulnerabilities in web applications.
- Participants will be able to develop a secure web application by:
  - Building injection-safe server-side applications
  - Building modern access control functionality for multi-tenant data-driven applications
  - Building an injection-safe user interface
  - Building a secure authentication mechanism
  - Storing passwords securely
  - Building multi-factor authentication mechanisms
  - Understanding the limits of HTTPS and what to do about them
  - Implementing multi-layered CSRF and Clickjacking protection
  - Implementing modern security HTTP headers
  - Implementing modern symmetric cryptographic storage
  - Implementing modern asymmetric cryptography