
42 - IT-S Information Technology - Security and Audit


IT-S 136 - Web Application Security

Code       Start Date         Duration   Venue
IT-S 136   04 November 2024   5 Days     Istanbul
IT-S 136   02 December 2024   5 Days     Istanbul
Please contact us for fees

 

Course Description

The course demonstrates the risks that web applications face and the extent of sensitive data that can be exposed or compromised. From there, we offer real-world solutions for mitigating these risks and for effectively evaluating and communicating residual risk.

After attending the class, participants will be able to apply what they learned quickly and bring back techniques that not only better secure their applications, but do so efficiently by adding security early in the software development life cycle, "shifting left" security decisions and testing, thus saving time, money, and resources for the organization.

Course Overview

  • Learn about infrastructure security and configuration management
  • Understand authentication and authorization mechanisms
  • Avoid improper error handling
  • Discuss identification and authentication failures

Who Should Attend?

  • Web App Developers, Testers, and Designers 
  • Networking and Security Professionals
  • Auditors
  • Anyone interested in techniques for securing Web applications

Course Details/Schedule

Day 1

  • Introduction to Application Security 
  • Threat Modeling
  • Injection
  • SQL
  • XML
  • JSON
  • OS (Operating system)
  • Source Code

Day 2

  • Broken Authentication
  • Cross site scripting
  • Insecure deserialization 
  • Using known vulnerable components 
  • Insufficient logging and monitoring 
  • Authentication
  • Session Management

Day 3

  • Sensitive Data Exposure
  • Storage
  • Caches
  • Deployment
  • Secure Secret Storage
  • Encrypted secrets/credentials

Day 4

  • XML External Entities (XXE)
  • Broken Access Control
  • Cross-Site Request Forgery
  • Path Traversal: '.../...//'
  • Relative Path Traversal
  • Missing Authorization
  • Incorrect Authorization
  • Exposure of WSDL File Containing Sensitive Information
  • Insecure Direct Object References
  • Absence of Access Control to Functions

Day 5

  • Security Misconfiguration
  • KB Properties
  • Transmission
  • Cross-Site Scripting (XSS)
  • Insecure Deserialization
  • Components with Known Vulnerabilities
  • Insufficient Logging & Monitoring

 
