Understanding Web Application Security

Course content updated by LearnQuest
Price: 700 USD
Duration: 1 Day
Course code: WDSE-105
Delivery formats: Classroom Training, Online Training

Class Schedule

  • Date: 18-Feb-2022
    Time: 9AM - 5PM US Eastern
    Location: Virtual
    Language: English
    Delivered by: LearnQuest
    Price: 700 USD
  • Date: 15-Apr-2022
    Time: 9AM - 5PM US Eastern
    Location: Virtual
    Language: English
    Delivered by: LearnQuest
    Price: 700 USD

Course Description

Overview

This Understanding Web Application Security – A Technical Overview course is designed to provide students with a solid foundation in basic terminology and concepts, extended and built upon throughout the engagement. Students will examine various recognized attacks against web applications. Processes and best practices are discussed and illustrated through both discussions and group activities. Attending students will be led through a series of advanced topics comprised of integrated lectures, group discussions and comprehensive demonstrations.

This course quickly introduces the most common security vulnerabilities faced by web applications today. Each vulnerability is examined through a process of describing the threat and attack mechanisms, the associated vulnerabilities, and, finally, designing, implementing, and testing effective defenses. In many cases, there are demonstrations that reinforce these concepts with real vulnerabilities, attacks, and defenses.
 

Objectives

Upon completion of the Understanding Web Application Security – A Technical Overview course, students will be able to:
  • Understand the concepts and terminology behind defensive, secure coding
  • Appreciate the magnitude of the problems associated with web application security and the potential risks associated with those problems
  • Understand the use of Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
  • Understand the consequences of not properly handling untrusted data, such as denial of service, cross-site scripting, and injections
  • Understand the vulnerabilities associated with authentication and authorization
  • Understand techniques and measures that can be used to harden web and application servers as well as other components in your infrastructure
  • Relate to the potential vulnerabilities and defenses for the processing of XML in web services and Ajax

Audience

  • Technical managers & stakeholders

Prerequisites

    Take Before: Students should have an understanding and a working knowledge of the following topics, or attend these courses as a prerequisite:
    • TT4000 Understanding Internet Architectures
    • TT5000 Understanding JEE
    Take Instead: We offer other courses that provide different levels of knowledge or focus:
    • If you need in-depth developer training for web applications, consider: TT8320-J Securing Java Web Applications or TT8320-N Securing .Net Web Applications
    • For a complete focus on web services, please consider TT8500-J Securing Java Web Services or TT8500-N Securing .Net Web Services
    • If you need in-depth developer training with less of a web application orientation, consider: TT8200-J Secure Java Coding or TT8200-N Secure .Net Coding

Topics

  • INTRODUCTION: MISCONCEPTIONS
    • SECURITY: The complete picture
    • SEVEN deadly assumptions
    • ANTHEM, SONY, TARGET, HEARTLAND, and TJX debriefs
    • CAUSES of data breaches
    • MEANING of being compliant
    • VERIZON’S 2015 data breach report
    • 2015 PCI compliance report
  • SECURITY CONCEPTS
    • MOTIVATIONS: Costs and standards
    • OPEN web application security project
    • WEB application security consortium
    • CERT secure coding standards
    • ASSETS are the targets
    • SECURITY activities cost resources
    • THREAT modeling
  • PRINCIPLES OF INFORMATION SECURITY
    • SECURITY is a lifecycle issue
    • MINIMIZE attack surface area
    • LAYERS of defense: Tenacious D
    • COMPARTMENTALIZE
    • CONSIDER all application states
    • DO NOT trust the untrusted
  • VULNERABILITIES
    • UNVALIDATED input
    • BROKEN access control
    • BROKEN authentication
    • CROSS site scripting (XSS)
    • INJECTION
    • ERROR handling and information leakage
    • INSECURE data handling
    • INSECURE configuration management
    • DIRECT object access
    • SPOOFING and redirects
  • UNDERSTANDING WHAT’S IMPORTANT
    • COMMON vulnerabilities and exposures
    • OWASP top ten for 2013
    • CWE/SANS top 25 most dangerous SW errors
    • MONSTER mitigations
    • STRENGTH training: Project Teams/Developers
    • STRENGTH training: IT organizations
  • DEFENDING XML, SERVICES, AND RICH INTERFACES
    • SAFE XML processing
    • WEB service security exposures
    • WS-security roadmap
    • XWSS provides many functions
    • THREE basic tenets for safe rich interfaces
    • OWASP REST security recommendations
  • SECURE SOFTWARE DEVELOPMENT (SDL)
    • SDL process overview
    • APPLYING processes and practices
    • THREAT modeling
  • SECURITY TESTING
    • TESTING principles
    • REVIEWS as form of testing
    • TESTING
    • TOOLS
    • TESTING practices