
40 - IT-S Information Technology - Security and Audit


IT-S 140 - DOJO: Web Application Security Implementation (6 Days)

Code        Start Date           Duration   Venue      Fees
IT-S 140    07 June 2021         6 Days     Istanbul   $ 4750
IT-S 140    09 August 2021       6 Days     Istanbul   $ 4750
IT-S 140    06 September 2021    6 Days     Istanbul   $ 4750
IT-S 140    27 December 2021     6 Days     Istanbul   $ 4750

Course Description

Security is one of the main concerns for many companies and internet users around the world. It is getting harder to achieve every day as attacks become more and more sophisticated. One of the ways for everyday users and beginning professionals to protect their content is Web Security Dojo. Dojo is designed to provide practical, hands-on exercises on web security and intrusion techniques.

Course Objectives

  • Understand how HTTP communication works
  • Gain knowledge of Web vulnerabilities
  • Learn common web security testing tools

Who Should Attend?

  • Network administrators
  • Database administrators
  • Ethical Hackers and Penetration Testers
  • IT managers
  • Anyone who deals directly or indirectly with IT

Course Details/Schedule

Day 1

  • Web fundamentals and security configurations 
  • Introduction to HTTP protocol 
  • Overview of web authentication technologies 
  • Web application architecture 
  • Recent attack trends 
  • Web infrastructure security/Web application firewalls
  • Managing configurations for web apps

Day 2

  • Defense against input related threats 
  • Input-related vulnerabilities in web applications 
  • SQL injection 
  • Cross-site request forgery 
  • Cross-site scripting vulnerability and defenses 
  • Unicode handling strategy 
  • File upload handling 
  • Business logic and concurrency 

Day 3

  • Web application authentication and authorization 
  • Authentication vulnerabilities and defense 
  • Multifactor authentication 
  • Session vulnerabilities and testing 
  • Authorization vulnerabilities and defense 
  • SSL vulnerabilities and testing 
  • Proper encryption use in web applications

Day 4

  • Web services and front-end security 
  • Honeytoken 
  • Web services overview 
  • Security in parsing of XML 
  • XML security 
  • AJAX technologies overview 
  • AJAX attack trends and common attacks 
  • REST security 
  • Browser-based defense such as Content Security Policy 

Day 5

  • Cutting-edge web security 
  • Serialization security 
  • Clickjacking 
  • DNS rebinding 
  • HTML5 security 
  • Logging collection and analysis for web apps 
  • Security testing 
  • IPv6 impact on web security 

Day 6

  • Capture-and-defend-the-flag exercise 
  • Mitigating server configuration errors 
  • Discovering and mitigating coding problems 
  • Testing business logic issues and fixing problems 
  • Testing web services and mitigating security problems 
  • Reinforcing key topics discussed throughout the course through comprehensive exercises