08-506 668 00
Training You Can Trust®
 
 

Securing Web Applications, Services and Servers: Hands-On

 
Course: 940   Duration: 4 days
 
 

You Will Learn How To

  • Implement and test secure Web applications in your organisation
  • Identify, diagnose and correct the most serious Web application vulnerabilities
  • Configure a Web server to encrypt Web traffic with HTTPS
  • Protect Ajax-powered Web 2.0 applications
  • Secure XML Web services with WS-Security
  • Audit Web application security with manual and automated scanning

Course Benefits

Cybersecurity is a serious challenge today as attackers specifically target Web application vulnerabilities. These vulnerabilities can be exploited to obtain confidential information and compromise organisational integrity. As a result, organisations must integrate robust security measures into the Web application development process. This course provides in-depth, hands-on experience securing Web-based applications and host servers.

Who Should Attend

Those who want to implement, test and deploy secure Web applications. Basic knowledge of Web application operation and Web server administration is assumed. Web application development and security knowledge are helpful but not required.

Hands-On Training

Throughout this course, extensive hands-on exercises based on an evolving case study provide you with practical experience in securing applications. Exercises include:
  • Creating a trust boundary with proper input validation
  • Avoiding cross-site scripting (XSS) and cross-site request forgery (CSRF/XSRF)
  • Preventing SQL injection vulnerabilities
  • Implementing URL access restrictions
  • Detecting unauthorised file system modification
  • Enabling HTTPS on a Web server
  • Protecting Web services with WS-Security
  • Identifying vulnerabilities with an application scanner

Related Courses

  • 537 Penetration Testing: Tools and Techniques UK course
  • 589 Vulnerability Assessment UK course
  • 536 Implementing an Incident Response Strategy UK course
  • 289 Disaster Recovery Planning UK course
  • 1220 Security in the Cloud

  Securing Web Applications, Services and Servers

Course Schedule

Learning Tree AnyWare: You can attend the struck-through courses in the classroom or live, online via Learning Tree AnyWare™.

United Kingdom

1 - 4 May, London

USA

2 - 5 April, New York
1 - 4 May, Rockville, MD
8 - 11 May, Reston, VA
24 - 27 July, Reston, VA

When attending an AnyWare course, you should register at least 10 days before the course starts.


For more course dates, visit www.learningtree.se
 
http://www.learningtree.se/courses/se940.htm
 
 
Course Content
 

Setting the Stage

  • Defining threats to your Web assets
  • Surveying the legal landscape and privacy issues
  • Exploring common vulnerabilities

Establishing Security Fundamentals

Modelling Web security

  • Achieving confidentiality, integrity and availability (CIA)
  • Performing authentication and authorisation

Encrypting and hashing

  • Distinguishing public- and private-key cryptography
  • Verifying message integrity with message digests, digital signatures and digital certificates

Augmenting Web Server Security

Configuring security for HTTP services

  • Managing software updates
  • Restricting HTTP methods

Securing communication with SSL/TLS

  • Obtaining and installing server certificates
  • Enabling HTTPS on the Web server
  • Protecting the exchange of credentials

Detecting unauthorised modification of content

  • Configuring permissions correctly
  • Scanning for file-system changes

Implementing Web Application Security

Employing OWASP resources

  • The Open Web Application Security Project (OWASP) Top Ten
  • Recognising cybersecurity risks
  • Remediating identified vulnerabilities

Securing database and application interaction

  • Uncovering and preventing SQL injection
  • Defending against an insecure direct object reference
  • Limitations of encrypting database content

Managing session authentication

  • Protecting against session ID hijacking
  • Enforcing URL access control
  • Blocking cross-site request forgery

Controlling information leakage

  • Displaying sanitised error messages to the user
  • Handling request and page faults

Performing input validation

  • Establishing trust boundaries
  • Revealing and removing the threat of cross-site scripting (XSS)
  • Exposing the dangers of client-side validation
  • Preventing E-shoplifting

Enhancing Ajax Security

Ajax features

  • Identifying core Ajax components
  • Exchanging information asynchronously

Assessing risks and evaluating threats

  • Managing unpredictable interactions
  • Exposing JSON vulnerabilities

Securing XML Web Services

Diagnosing XML vulnerabilities

  • Identifying non-terminated tags and field overflows
  • Uncovering Web service weaknesses

Protecting the SOAP message exchange

  • Validating input with an XML schema
  • Encrypting exchanges with HTTPS
  • Implementing WS-Security with a framework
  • Authenticating access to Web services

Scanning Applications for Weaknesses

Operating and configuring scanners

  • Matching patterns to identify faults
  • "Fuzzing" to discover new or unknown vulnerabilities

Detecting application flaws

  • Scanning applications remotely
  • Strategies for testing and scanning
  • Testing Web applications with Netcat, Cryptcat and Wget
  • Intercepting traffic with OWASP WebScarab

Best Practices for Web Security

Adopting standards

  • Reducing risk by implementing proven architectures
  • Handling personal and financial data
  • Developing guidelines for logging

Managing network security

  • Modelling threats to reduce risk
  • Integrating applications with your network architecture
 
Course Prices
22 950 kr: Regular price
Course prices with discount programmes
14 300 kr: With Treklöver
12 975 kr: With Fyrklöver
17 350 kr: With Företagskort - 10-card
17 360 kr: With ProPack 40
All prices in SEK, excl. VAT.

The course fee includes, among other things...

  • Course place
  • Group exercises
  • Access to classroom equipment
  • Comprehensive course materials
  • Lunch
  • Morning and afternoon coffee breaks
  • Course certificate
  • Free participation in our specialised Certification Programmes (incl. associated exams)
 
 

Take advantage of our favourable offers and agreements

Learning Tree's Två-, Tre- and Fyrklöver
  • Personal discount programme with 2, 3 or 4 courses of your choice
  • Up to 50% discount per course compared with the regular price
  • Read more at www.learningtree.se/klover
Learning Tree's Företagskort
  • Flexible and cost-effective, giving up to 35% discount on courses compared with the regular price
  • Train any employee, anytime and anywhere, for 12 months
  • Read more at www.learningtree.se/foretagskort

We guarantee your satisfaction

If you do not feel 100% convinced that Learning Tree has delivered what you expected, we will not charge any fee for your course attendance. Our quality guarantee gives the individual participant the option, after completing the course, to pay only if the course meets the participant's expectations.

Book today!

Our extensive course schedule lets you choose both the date and the location for your training. Call 08-506 668 00 or book online.

 