Average Rating: 9.50/10
(Rating Votes: 2)
Short Description:
webScurity's 2-day training courses provide an opportunity to learn about Web application vulnerabilities, conducting application assessments, and developing with security in mind.
Full Description:
Copyright © 2002 - webScurity Inc. All rights reserved.
Overview:
This course provides students with the knowledge and skills necessary to
identify/address application level security in e-business systems. It will give the
student a thorough understanding of application level attacks (75% of all
attacks are at the application level according to Gartner Group). Specifically, the
course discusses secure coding practice and optimum solutions to secure
applications against all application level attacks. The course will be conducted by
experienced developers/security consultants who have extensive experience
assessing a large number of e-business systems. The course makes use of real
world case studies, penetration testing tools, and demos to provide true-to-life
understanding of hacking threats.
Course Material and Software
· Handouts which discuss application level exploits and ways to safeguard
Web applications against them.
· A CD containing a 30 day trial application firewall and application
scanning tools.
Prerequisites:
· Intermediate Level of Web Development Experience
· Working Knowledge of the HTTP Protocol
· Basic Understanding of Network Firewalls
· Working Knowledge of SQL
Course Outline:
· Section I: Introduction to Web Application Security
- What is Web Application Security?
- Understanding why perimeter defenses like firewalls and intrusion-detection
systems fail to ensure security of e-business systems.
- Understanding why application level vulnerabilities exist.
- General overview of available solutions to secure applications.
· Section II: Complete Understanding of Web Application Exploits
Getting an understanding of the following Web application vulnerabilities
with the help of real cases and demonstrations:
- Input Validation
a. Direct SQL Commands
b. Cross-Site Scripting
c. OS Commands Injection
d. Buffer Overflows
e. Null Characters
- Parameter Manipulation
a. URL Tampering
b. Hidden Form Field Manipulation
c. Cookie Manipulation
d. Form Field Manipulation
e. Forceful Browsing
- Improper Session Management
- Lack/Weak Authentication
- Lack of Access Control
- Mis-configurations
a. Vendor Patches
b. Default Accounts
c. Forceful Browsing
d. Path Traversal
- Lack of Encryption
- Backdoors
a. File Upload
b. Debug Commands
- Revealing sensitive information
a. Comments
b. Error Messages
· Section III- Case Study Analysis
Some high-profile security breaches are analyzed by the trainers. Students
will also get a chance to analyze real world case studies as a class exercise.
· Section IV- Workshops
- Students will get an opportunity to hack unprotected applications
using tools provided.
- Students will also have an opportunity to attack applications
protected by an application level firewall. This exercise would
allow a student to understand the kind of protection gained from
an application level firewall.
· Section V - Secure Solutions Discussion
- Proper User-input Handling
- Encryption and Secure Management of Keys
- Authentication Procedures
- Access Control Procedures
- Secure Coding Practices
- Secure State Management
· Section VI - Vulnerability Assessments
Understanding all the application level vulnerabilities is not enough to
effectively conduct a security assessment of an existing Web application.
In this section students will:
- Understand why security audits are necessary.
- Study a methodology which allows developers to conduct cost-effective
security assessments.
- Assess an application for security flaws.
At Course Completion the Student will be Able to:
· Understand the importance of coding and deployment on the overall
security of e-business systems.
· Understand how the majority of attacks on e-business systems are
orchestrated.
· Understand existing Web application vulnerabilities and how they can be
exploited.
· Identify optimum solutions to secure a Web application.
· Conduct effective security audits of Web applications.
Duration:
2 Days
Price:
995