Web Application Security Fundamentals (WASF)

During this one day dynamic seminar, you will learn the best practices for designing, implementing and deploying secure web applications. Perhaps just as significantly, you will learn about current, real examples that illustrate the potential consequences of not following these best practices.

You will leave this course armed with an understanding of software vulnerabilities, defenses for those vulnerabilities, and testing those defenses for sufficiency. This course quickly introduces the most common security vulnerabilities faced by web applications today. Each vulnerability is examined through a process of describing the threat and attack mechanisms, the associated vulnerabilities and, finally, designing, implementing and testing effective defenses. In many cases, there are demonstrations that reinforce these concepts with real vulnerabilities, attacks, and defenses.

This workshop is a companion course with several developer-oriented courses and seminars. Although this edition of the course is language-agnostic, it may also be presented using Java, .Net or other programming languages or environments.

• Web Application Security Fundamentals is an essential application security training course for technical leads, project managers, testing/QA personnel and other stakeholders who need to understand the issues and concepts associated with secure web applications

• Minimum of 2 years working knowledge in the IT industry
• Basic understanding of web applications and associated technologies is ideal
• Working knowledge in actual development is helpful, but not necessary

Working in an interactive learning environment, you will learn to:

• Understand the concepts and terminology behind defensive, secure coding
• Appreciate the magnitude of the problems associated with web application security and the potential risks associated with those problems
• Understand the use of Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
• Understand the consequences for not properly handling untrusted data such as denial of service, cross-site scripting, and injections
• Understand the vulnerabilities of associated with authentication and authorization
• Understand techniques and measures that can used to harden web and application servers as well as other components in your infrastructure
• Relate to the potential vulnerabilities and defenses for the processing of XML in web services and Ajax

What’s included?

The course provides a solid foundation in basic terminology and concepts, extended and built upon throughout the engagement. Students will examine various recognized attacks against web applications. Processes and best practices are discussed and illustrated through both discussions and group activities. Attending students will be led through a series of advanced topics comprised of integrated lectures, group discussions and comprehensive demonstrations. This course also includes:

• Basic course pre-testing and/or post-course assessments
• Ability to customize the courseware, adapting it to your companies policies, procedures and plans