Developing Defensible Web Applications

Course ID

93500

Course Description

This class first demonstrates to developers how attackers create strategies to compromise applications, in order to help students "think like an attacker." The class then demonstrates how the Open Web Application Security Project (OWASP) provides developers with the tools to build applications that are difficult or nearly impossible to hack. This class is rich in hands-on opportunities, giving developers a chance to see for themselves how attackers think, how the framework protects the application, and where it falls short. This course also satisfies section 6.5 of the Payment Card Industry Data Security Standard (PCI DSS).

Prerequisites

Experience programming in ASP.NET using C# or in Java JSP/Servlets, or proficiency and a solid grasp of syntax in whatever platform/language you work with.

Audience

This class is focused specifically on software development but is accessible enough for anyone who's comfortable working with code and has an interest in understanding the developer's perspective:
  • Software Developers and Architects
  • Testers/QA specialists
  • Systems and Security Administrators
  • Penetration Testers

Course Content

    Common Attacks
  • Injection Flaws
  • Cross Site Scripting
  • Cross Site Request Forgery
  • Malicious File Execution
  • Security Configuration
  • Session Hijacking
  • Encryption
  • Insecure Direct Object Reference
  • Failure to authorize/hidden URLs

    Secure Design
  • Layered Design Concepts
  • Object Layer
  • Persistence Layer
  • Presentation Layer

    Countermeasures
  • Validation
    • Validation Controls
    • Strong Typing
    • Regular Expressions
    • White list
    • Scrubbing
    • Black list
  • Encoding
  • CAPTCHA
  • Honey Pots
  • Avoiding SQL Injection
    • Parameterized Queries/Prepared Statements
    • Stored Procedures
    • Entity Framework/Hibernate
  • Avoiding Cross Site Request Forgeries
  • Authorization & Authentication
    • .Net Authentication
    • Basic & Digest
    • Forms
    • Windows Authentication
    • JAAS and other Java authentication services
    • Authorization
    • Password Security
    • Brute Force attacks
    • Password Resets
    • Secret Questions/Answers
    • SSL

    Session Security
  • Session IDs
  • Policies
  • Hijacking/Fixation Attacks

    Resources
  • OWASP Tools
    • ESAPI
    • CSRF Tester
    • WebScarab
    • Other tools

For More Information

For training inquiries, call 850-308-1376 or email us at eramos@gbsi.com

Course Details

Duration - 5 days
Price - $2995.00 USD
(Discounts may apply. Call for more information.)

Course Actions

Acceletrain Collaborative Learning Environment (formerly known as VILT) places industry-certified and expert instructors, peers, learners and multimedia components into a "borderless classroom", an interactive learning environment that can span multiple physical locations. VILT combines the benefits of the traditional brick-and-mortar classroom with innovative learning techniques and the cost savings of internet-based training.