42 - IT-S Information Technology - Security and Audit
IT-S 136 - Web Application Security
Code | Start Date | Duration | Venue | Registration |
---|---|---|---|---|
IT-S 136 | 04 November 2024 | 5 Days | Istanbul | Registration Form Link |
IT-S 136 | 02 December 2024 | 5 Days | Istanbul | Registration Form Link |
Course Description
The course demonstrates the risks that web applications face and the extent of sensitive data that can be exposed or compromised. From there, we offer real-world solutions for mitigating these risks and for effectively evaluating and communicating residual risks.
After attending the class, participants will be able to apply what they learned quickly and bring back techniques to not only better secure their applications, but also do so efficiently by adding security early in the software development life cycle, "shifting left" security decisions and testing, thus saving time, money, and resources for the organization.
Course Overview
- Learn about infrastructure security and configuration management
- Understand authentication and authorization mechanisms
- Avoid improper error handling
- Discuss identification and authentication failures
Who Should Attend?
- Web App Developers, Testers, and Designers
- Networking and Security Professionals
- Auditors
- Anyone interested in techniques for securing Web applications
Course Details/Schedule
Day 1
- Introduction to Application Security
- Threat Modeling
- Injection
- SQL
- XML
- JSON
- OS (Operating system)
- Source Code
Day 2
- Broken Authentication
- Cross site scripting
- Insecure deserialization
- Using known vulnerable components
- Insufficient logging and monitoring
- Authentication
- Session Management
Day 3
- Sensitive Data Exposure
- Storage
- Caches
- Deployment
- Secure Secret Storage
- Encrypted secrets/credentials
Day 4
- XML External Entities (XXE)
- Broken Access Control
- Cross-Site Request Forgery
- Path Traversal: '.../...//'
- Relative Path Traversal
- Missing Authorization
- Incorrect Authorization
- Exposure of WSDL File Containing Sensitive Information
- Insecure Direct Object References
- Absence of Access Control to Functions
Day 5
- Security Misconfiguration
- KB Properties
- Transmission
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Components with Known Vulnerabilities
- Insufficient Logging & Monitoring