
42 - IT-S Information Technology - Security and Audit


IT-S 136 - Web Application Security

Code      Start Date        Duration  Venue
IT-S 136  22 August 2022    5 Days    Istanbul
IT-S 136  17 October 2022   5 Days    Istanbul
IT-S 136  12 December 2022  5 Days    Istanbul
Please contact us for fees


Course Description

During the course, the risks of web applications and the extent of sensitive data that can be exposed or compromised are demonstrated. From there, we offer real world solutions on how to mitigate these risks and effectively evaluate and communicate residual risks.

After attending the class, participants will be able to apply what they learned quickly and bring back techniques that not only better secure their applications, but also do so efficiently by adding security early in the software development life cycle, "shifting left" security decisions and testing, and thus saving the organization time, money, and resources.

Course Overview

  • Learn about infrastructure security and configuration management
  • Understand authentication and authorization mechanisms
  • Avoid improper error handling
  • Discuss identification and authentication failures

Who Should Attend?

  • Web App Developers, Testers, and Designers 
  • Networking and Security Professionals
  • Auditors
  • Anyone interested in techniques for securing Web applications

Course Details/Schedule

Day 1

  • Introduction to Application Security 
  • Threat Modeling
  • Injection
  • SQL
  • XML
  • JSON
  • OS (Operating system)
  • Source Code

Day 2

  • Broken Authentication
  • Cross site scripting
  • Insecure deserialization 
  • Using known vulnerable components 
  • Insufficient logging and monitoring 
  • Authentication
  • Session Management

Day 3

  • Sensitive Data Exposure
  • Storage
  • Caches
  • Deployment
  • Secure Secret Storage
  • Encrypted secrets/credentials

Day 4

  • XML External Entities (XXE)
  • Broken Access Control
  • Cross-Site Request Forgery
  • Path Traversal: '.../...//'
  • Relative Path Traversal
  • Missing Authorization
  • Incorrect Authorization
  • Exposure of WSDL File Containing Sensitive Information
  • Insecure Direct Object References
  • Absence of Access Control to Functions

Day 5

  • Security Misconfiguration
  • KB Properties
  • Transmission
  • Cross-Site Scripting (XSS)
  • Insecure Deserialization
  • Components with Known Vulnerabilities
  • Insufficient Logging & Monitoring