(Click Category to List Courses)

41 - IT-S Information Technology - Security and Audit

IT-S 140 - DOJO: Web Application Security Implementation

Code Start Date Duration Venue
IT-S 140 20 February 2023 5 Days Istanbul Registration Form Link
IT-S 140 03 April 2023 5 Days Istanbul Registration Form Link
IT-S 140 12 June 2023 5 Days Istanbul Registration Form Link
IT-S 140 07 August 2023 5 Days Istanbul Registration Form Link
IT-S 140 02 October 2023 5 Days Istanbul Registration Form Link
IT-S 140 27 November 2023 5 Days Istanbul Registration Form Link
IT-S 140 18 December 2023 5 Days Istanbul Registration Form Link
Please contact us for fees


Course Description

One of the main concerns for many companies and internet users around the world is security. This is getting harder to achieve everyday with attacks getting more and more sophisticated. One of the ways for everyday users and beginning professionals to protect their content is Web Security Dojo. Dojo is designed to provide practical, hands-on exercises on web security and intrusion techniques.

Course Objectives

  • Understand how HTTP comunication works
  • Gain knowledge of Web vulnearabilities
  • Learn common web security testing tools

Who Should Attend?

  • Network administrators
  • Database administrators
  • Ethical Hackers and Penetration Testers
  • IT managers
  • Anyone who deal directly or indirectly with IT

Course Details/Schedule

Day 1

  • Web fundamentals and security configurations 
  • Introduction to HTTP protocol 
  • Overview of web authentication technologies 
  • Web application architecture 
  • Recent attack trends 
  • Web infrastructure security/Web application firewalls Managing configurations for web apps 

Day 2

  • Defense against input related threats 
  • Input-related vulnerabilities in web applications 
  • SQL injection 
  • Cross-site request forgery 
  • Cross-site scripting vulnerability and defenses 
  • Unicode handling strategy 
  • File upload handling 
  • Business logic and concurrency 

Day 3

  • Web application authentication and authorization 
  • Authentication vulnerabilities and defense 
  • Multifactor authentication 
  • Session vulnerabilities and testing 
  • Authorization vulnerabilities and defense 
  • SSL vulnerabilities and testing 
  • Proper encryption use in web application

Day 4

  • Web services and front-end security 
  • Honeytoken 
  • Web services overview 
  • Security in parsing of XML 
  • XML security 
  • AJAX technologies overview 
  • AJAX attack trends and common attacks 
  • REST security 
  • Browser-based defense such as Content Security Policy 

Day 5

  • Cutting-edge web security 
  • Serialization security 
  • Clickjacking 
  • DNS rebinding 
  • HTML5 security 
  • Logging collection and analysis for web apps 
  • Security testing 
  • IPv6 impact on web security 
  • Capture-and-defend-the-flag exercise 
  • Mitigating server configuration errors 
  • Discovering and mitigating coding problems 
  • Testing business logic issues and fixing problems 
  • Testing web services and mitigating security problems