Secure Web Application Development Training
MEETING BUSINESS REQUIREMENTS
We will shape this course to maximize value in your organization by meeting your implementation standards. Inquire for a complimentary preliminary needs analysis by clicking the Contact Us button below.
This course is designed to provide students with the knowledge necessary to produce secure web applications, integrating security measures into the development process from requirements to deployment and maintenance. This course explores well beyond basic programming skills, teaching developers sound processes and practices to apply to the entire software development lifecycle. This course is short on theory and long on application, providing students with in-depth, code-level demonstrations and walk-throughs. This course is taught in a language-neutral fashion, with demonstrations from several languages to illustrate patterns and techniques.
This course is on the intermediate level. It is in seminar format with lecture combined with open discussions and high-level demonstrations.
Upon completion of the course, students will be able to:
- Explain potential sources for untrusted data
- Describe the consequences of not properly handling untrusted data such as denial of service, cross-site scripting, and injections
- Test web applications with various attack techniques to determine the existence of and effectiveness of layered defenses
- Prevent and defend the many potential vulnerabilities associated with untrusted data
- Explain the vulnerabilities associated with authentication and authorization
- Detect, attack and implement defenses for authentication and authorization functionality and services
- Describe the dangers and mechanisms behind Cross-Site Scripting (XSS) and Injection attacks
- Detect, attack and implement defenses against XSS and Injection attacks
- Explain the concepts and terminology behind defensive, secure coding
- Describe the use of Threat Risk Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
- Perform both static code reviews and dynamic application testing to uncover vulnerabilities in web applications
- Design and develop strong, robust authentication and authorization implementations
- Explain the fundamentals of XML Digital Signature and XML Encryption as well as how they are used within the web services arena
- Detect, attack and implement defenses for XML-based services and functionality
- Describe techniques and measures that can be used to harden web and application servers as well as other components in your infrastructure
- Analyze and implement the processes and measures associated with the security development lifecycle (SDL)
- Acquire the skills, tools and best practices for design and code reviews as well as testing initiatives
- List the basics of security testing and planning
- Work through a comprehensive testing plan for recognized vulnerabilities and weaknesses
- Web Developers
- Project Stakeholders
- Basic experience with a programming language