Developing Defensible Web Applications
Overview

This class first shows developers how attackers build strategies to compromise applications, so that students learn to "think like an attacker." It then shows how the guidance and tools of the Open Web Application Security Project (OWASP) help developers build applications that are difficult to compromise. The class is rich in hands-on exercises, giving developers a chance to see for themselves how attackers think, how the framework and libraries protect the application, and where they fall short. The course is also intended to cover the developer secure-coding training called for in section 6.5 of the Payment Card Industry Data Security Standard (PCI DSS).

Audience:

This class focuses on software development but is accessible to anyone who is comfortable working with code and wants to understand the developer's perspective:

  • Software Developers and Architects
  • Testers/QA specialists
  • Systems and Security Administrators
  • Penetration Testers

Prerequisites

Experience programming in ASP.NET with C# or in Java JSP/Servlets, or proficiency and a solid grasp of syntax in whatever platform and language you work with.

Course duration

5 days

Course outline

* indicates hands-on labs

Common Attacks
  • Injection Flaws *
  • Cross Site Scripting *
  • Cross Site Request Forgery *
  • Malicious File Execution *
  • Security Misconfiguration *
  • Session Hijacking *
  • Insecure or Missing Encryption *
  • Insecure Direct Object Reference *
  • Failure to Restrict URL Access (hidden URLs) *
Secure Design
  • Layered Design Concepts
  • Object Layer
  • Persistence Layer
  • Presentation Layer
Countermeasures
  • Validation *
    • Validation Controls
    • Strong Typing
    • Regular Expressions
    • White listing (allow lists)
    • Scrubbing (sanitization)
    • Black listing (deny lists)
  • Encoding *
  • CAPTCHA *
  • Honey Pots *
  • Avoiding SQL Injection *
    • Parameterized Queries/Prepared Statements
    • Stored Procedures
    • Entity Framework/Hibernate
  • Avoiding Cross Site Request Forgeries
  • Authorization & Authentication
    • .NET Authentication
    • Basic & Digest
    • Forms *
    • Windows Authentication
    • JAAS and other Java authentication services *
    • Authorization
    • Password Security *
    • Brute Force attacks
    • Password Resets
    • Secret Questions/Answers
    • SSL/TLS
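The following is an added example, not course material, showing the two countermeasures named above for SQL injection: the same user lookup written with string concatenation (vulnerable) and with a bound parameter, plus an allow-list check for a user-controlled sort column, where a parameter cannot be used. It is written in Python with the standard-library sqlite3 module so that it runs offline; the course itself targets ASP.NET/C# and Java, where the equivalents are SqlCommand parameters and JDBC PreparedStatement. The table, rows and payloads are constructed for this example.

```python
import sqlite3


# Constructed sample data for this example: a two-row users table in an
# in-memory SQLite database (not data from the course).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password_hash TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
        [("alice", "hash-of-alice-pw", "admin"), ("bob", "hash-of-bob-pw", "user")],
    )
    return conn


def find_user_vulnerable(conn, username):
    # VULNERABLE: the input becomes part of the SQL text, so a quote in the
    # input ends the string literal and whatever follows is parsed as SQL.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    # Parameterized query: the SQL text is fixed and the value travels
    # separately as a bound parameter, so it is only ever compared, never parsed.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Identifiers (table and column names) cannot be bound as parameters, so for a
# user-controlled sort column the other countermeasure applies: an explicit
# allow list (white list) checked before the name is placed in the query.
ALLOWED_SORT_COLUMNS = {"username", "role"}


def list_users_sorted(conn, sort_by):
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unsupported sort column: %r" % sort_by)
    return conn.execute("SELECT username FROM users ORDER BY " + sort_by).fetchall()


# Two classic payloads (constructed): the first turns the WHERE clause into a
# tautology, the second closes the literal and comments out the rest.
TAUTOLOGY = "x' OR '1'='1"
COMMENT_OUT = "bob' --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, tautology   :", find_user_vulnerable(db, TAUTOLOGY))
    print("vulnerable, comment     :", find_user_vulnerable(db, COMMENT_OUT))
    print("parameterized, tautology:", find_user_safe(db, TAUTOLOGY))
    print("parameterized, alice    :", find_user_safe(db, "alice"))
    print("sorted by role          :", list_users_sorted(db, "role"))
```

With the concatenated query the tautology payload returns every row and the comment payload returns bob's row without any password check; the parameterized query treats both payloads as literal user names and matches nothing. Stored procedures and ORMs such as Entity Framework or Hibernate only keep this property as long as they do not themselves concatenate user input into dynamic SQL or HQL.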
Session Security
  • Session IDs
  • Policies
  • Hijacking/Fixation Attacks *
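As an added illustration of the hijacking/fixation topic (not part of the course outline), the following Python model of a session store shows why the session id must be regenerated at login. The store, the two login implementations and the attack sequence are constructed for this example; a real application would use its container's session API (in Java, invalidate the session and obtain a new one; in ASP.NET, note that Session.Abandon() alone does not change the id, so the session cookie must be cleared as well).

```python
import secrets


class SessionStore:
    """Constructed in-memory session table (session id -> attributes), standing
    in for the container's session manager."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        # 32 bytes from the OS CSPRNG: session ids must be unguessable, so never
        # derive them from counters, timestamps or user names.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def attach(self, sid):
        # Accept whatever id the client presented, creating the entry if it is
        # unknown. This permissive behaviour is what makes fixation possible.
        return self._sessions.setdefault(sid, {"user": None})

    def get(self, sid):
        return self._sessions.get(sid)

    def destroy(self, sid):
        self._sessions.pop(sid, None)


def login_fixation_prone(store, sid, user):
    # Marks the session the request arrived with as authenticated. If an
    # attacker chose that id, the attacker's copy is now authenticated too.
    store.attach(sid)["user"] = user
    return sid


def login_safe(store, sid, user):
    # Drop the pre-authentication session and issue a fresh id at the moment
    # of privilege change. Whoever held the old id is cut off.
    store.destroy(sid)
    new_sid = store.create()
    store.get(new_sid)["user"] = user
    return new_sid


def fixation_attack_succeeds(login):
    """Replay the fixation scenario against one login implementation and
    report whether the attacker ends up holding an authenticated session."""
    store = SessionStore()
    attacker_sid = store.create()  # 1. attacker obtains a valid, unauthenticated id
    # 2. attacker plants attacker_sid in the victim's browser (a crafted link
    #    carrying the id, or a cookie set from a sibling host) and waits.
    login(store, attacker_sid, "victim")  # 3. victim authenticates with that id
    sess = store.get(attacker_sid)  # 4. attacker replays the same id
    return sess is not None and sess["user"] == "victim"


if __name__ == "__main__":
    print("fixation-prone login:", fixation_attack_succeeds(login_fixation_prone))
    print("rotating login      :", fixation_attack_succeeds(login_safe))
```

Rotating the id at login closes fixation but not hijacking of an id stolen after login; for that the id must also be protected in transit (HttpOnly and Secure cookie flags, SSL/TLS throughout the session) and expired by an idle timeout, which is what the session policies topic covers.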
Resources
  • OWASP Tools
    • ESAPI
    • CSRFTester
    • WebScarab
  • Other tools

Please contact your training representative for more details on having this course delivered onsite or online

Training Outlines - the one stop shopping center for IT training.
© Training Outlines All rights reserved