Learning Tree International

Security Training

1-888-THE-TREE (1-888-843-8733)
 

Request Info

Salutation

First Name

Last Name

Job Title

Department

Mailstop

Company

Address

P.O. Box

City

Province

Postal Code

Country
List

Work Telephone

Ext.

E-mail Address

A representative will contact you to follow up your request.

Privacy Statement

 
Save up to $900 per course with Training Vouchers

 

Securing Web Applications, Services and Servers: Hands-On


Course 9404 Days

  E-mail   Print   Q&A   PDF   Facebook   Twitter

Quick Enrol

You Will Learn How To

  • Implement and test secure Web applications in your organization
  • Identify, diagnose and correct the most serious Web application vulnerabilities
  • Configure a Web server to encrypt Web traffic with HTTPS
  • Protect Ajax-powered Web 2.0 applications
  • Secure XML Web services with WS-Security
  • Audit Web application security with source-code and application scanning

Course Benefits

Attackers today are targeting Web application vulnerabilities more than operating systems and networks. These vulnerabilities can be exploited to obtain confidential information and compromise organizational integrity. As a result, organizations must integrate robust security measures into the Web application development process. This course provides in-depth, hands-on experience securing Web-based applications and host servers.

Who Should Attend

Those who want to implement, test and deploy secure Web applications. Experience developing Web applications and a basic knowledge of Web server administration are assumed. No prior knowledge of security is required.

Hands-On Training

Throughout this course, extensive hands-on exercises based on an evolving case study provide you with practical experience in securing applications. Exercises include:
  • Creating a trust boundary with proper input validation
  • Avoiding cross-site scripting (XSS) and cross-site request forgery (CSRF/XSRF)
  • Preventing SQL injection vulnerabilities
  • Implementing URL access restrictions
  • Detecting unauthorized file system modification
  • Enabling HTTPS on a Web server
  • Protecting Web services with WS-Security
  • Identifying vulnerabilities with an application scanner

Course 940 Content

Setting the Stage

  • Defining threats to your Web assets
  • Surveying the legal landscape and privacy issues
  • Exploring common vulnerabilities

Establishing Security Fundamentals

Modeling Web security

  • Achieving Confidentiality, Integrity and Availability (CIA)
  • Performing authentication and authorization

Encrypting and hashing

  • Distinguishing public- and private-key cryptography
  • Verifying message integrity with message digests, digital signatures and digital certificates

Augmenting Web Server Security

Configuring security for HTTP services

  • Managing software updates
  • Restricting HTTP methods

Securing communication with SSL/TLS

  • Obtaining and installing server certificates
  • Enabling HTTPS on the Web server
  • Protecting the exchange of credentials

Detecting unauthorized modification of content

  • Configuring permissions correctly
  • Scanning for file-system changes

Implementing Web Application Security

Employing OWASP resources

  • The Open Web Application Security Project (OWASP) Top Ten
  • Recognizing critical security faults
  • Remediating identified vulnerabilities

Securing database and application interaction

  • Uncovering and preventing SQL injection
  • Defending against an insecure direct object reference
  • Limitations of encrypting database content

Managing session authentication

  • Protecting against session ID hijacking
  • Enforcing URL access control
  • Blocking cross-site request forgery

Controlling information leakage

  • Displaying sanitized error messages to the user
  • Handling request and page faults

Performing input validation

  • Establishing trust boundaries
  • Revealing and removing the threat of cross-site scripting (XSS)
  • Exposing the dangers of client-side validation
  • Preventing E-shoplifting

Enhancing Ajax Security

Ajax features

  • Identifying core Ajax components
  • Exchanging information asynchronously

Assessing risks and evaluating threats

  • Managing unpredictable interactions
  • Exposing JSON vulnerabilities

Securing XML Web Services

Diagnosing XML vulnerabilities

  • Identifying nonterminated tags and field overflows
  • Uncovering Web service weaknesses

Protecting the SOAP message exchange

  • Validating input with an XML schema
  • Encrypting exchanges with HTTPS
  • Implementing WS-Security with a framework
  • Authenticating access to Web services

Scanning Applications for Weaknesses

Operating and configuring scanners

  • Matching patterns to identify faults
  • "Fuzzing" to discover new or unknown vulnerabilities

Detecting application flaws

  • Scanning applications remotely
  • Strategies for testing and scanning
  • Testing Web applications with Netcat, Cryptcat and Wget
  • Intercepting traffic with OWASP WebScarab

Best Practices for Web Security

Adopting standards

  • Reducing risk by implementing proven architectures
  • Handling personal and financial data
  • Developing guidelines for logging

Managing network security

  • Modeling threats to reduce risk
  • Integrating applications with your network architecture

<< Back to Security Course List
 

Related Courses

 
Securing Web Applications, Services and Servers: Hands-On
Hands-On Training

Course Dates

Sep 14 - 17Ottawa enrol
Sep 28 - Oct 1Toronto enrol
Mar 15 - 18Ottawa enrol
Mar 29 - Apr 1Toronto enrol
Jul 12 - 15Ottawa enrol
Jul 26 - 29Toronto enrol

US Dates

Oct 12 - 15New York enrol
Oct 26 - 29Reston, VA enrol
Nov 16 - 19Chicago (Schaumburg) enrol
Nov 30 - Dec 3Rockville, MD enrol
Live online classroom training.

Attend highlighted events
in person or online with Learning Tree AnyWareTM.

More Dates and Locations.

On-Site &
Custom Training

Bring this or any Learning Tree course to your location or have it customized for your organization.

Tuition

$ 3,095 Standard Tuition
Tuition with a Savings Plan
$ 1,800Flex-Training Pass
$ 1,800Multi-Course Passport
$ 2,650Voucher 5-Pack
$ 2,785Alumni Gold Discount
$ 2,660Government Discount
 
Securing Web Applications, Services and Servers: Hands-On

Participants securing a Web application against SQL injection.


The most recent 100 evaluations scored this course:

  (3.70/4.00)

 
"Learning Tree is an excellent organization. They're far more professional than other providers I've experienced and dedicated to the needs of the attendees."

– K. Upperman
NJVC

 
Ten Questions to Ask Your Training Provider - Position Paper