Cyber security is a serious challenge today as attackers specifically target web application vulnerabilities. This seminar is an introduction to application security threats, demonstrating the security problems that exist in corporate systems, with a strong emphasis on application security and secure design. During this seminar we cover the major security vulnerabilities, including the OWASP Top 10, and secure-design and coding best practices for designing and developing web applications and server-based services.

Objectives

This seminar's main objectives are:

  • to raise awareness of the problems that can occur without secure coding practices.
  • to explain your important role in the corporate effort to secure its systems, using information security best practices.
  • to learn about the threat landscape and the controls you should use during the software development lifecycle.

Outcomes

In this course you will learn how to:

  • understand the concepts and terminology behind defensive, secure coding.
  • appreciate the magnitude of the problems associated with web application security and the potential risks associated with those problems.
  • understand the consequences of not properly handling untrusted data, such as denial of service, cross-site scripting, and injections.
  • understand the vulnerabilities associated with authentication and authorization.
  • understand techniques and measures that can be used to harden web and application servers as well as other components in your infrastructure.

Intended for

All members of the development team:

  • Developers
  • Application security analysts
  • Team leaders
  • Testers / QA
  • Designers & architects
  • Managers

Before attending this course, you should have:

  • basic knowledge of information systems
  • background knowledge in networking, the internet and the web
  • a development background with internet applications, using at least one of these languages: .NET, Java, PHP, AP, C/C++.

Programme

1. Application Security - What is the problem?

  • Web Application Security Problem
  • Application Security Myths
  • State-of-Practice in Secure Software Development

2. Application Level Attacks - Learning the Attacker's Techniques

  • HTTP fundamentals
  • OWASP top 10 web application risks
  • Broken Authentication and Session Management
  • Broken Authorization Schema
  • Injections (e.g. SQL injection, command injection, etc.)
  • Cross Site Scripting (XSS)
  • Cross Site Request Forgery (CSRF)
  • Denial of Service (DoS)
  • Browser Manipulation Attacks
  • Unvalidated Redirects and Forwards
  • Information Leakage
  • Business Logic Attacks
  • Upload File Backdoors
  • Insecure Cryptographic Storage
  • SSL & Digital Signatures
  • Events Logging

3. Security countermeasures and best practices

  • Authentication best practices
  • Brute Force Countermeasures
  • Account lockout vs CAPTCHA
  • Securing passwords
  • Authorization best practices
  • SQL injection countermeasures
  • Output encoding & input validation techniques
  • Cross Site Request Forgery (CSRF) countermeasures
  • Replay attacks countermeasures
  • File upload/download countermeasures
  • Security logging - what to log and what not to log

4. Take-away

  • 'Build in' Software Assurance
  • Software Assurance Quick Start

All chapters include: hands-on demonstrations and interactive questions.

Trainer(s)

Sebastien Deleersnyder

Toreon provides the experienced trainer Sebastien Deleersnyder to share his practical application security experience. Sebastien led engagements in the domain of ICT-security, Web and Mobile Security with several customers including BNP Paribas Fortis, Atos Worldline, KBC, Nationale Nederlanden (ING), Isabel, Fluxys, OLAF, EU Council, TNT Post, Flemish Community, Agfa-Gevaert and ING Insurance International. Sebastien is the Belgian OWASP Chapter Leader, served as vice-chair of the global OWASP Foundation Board and performed several public presentations on Web Application, Mobile and Web Services Security. Furthermore, Sebastien co-founded the yearly BruCON conference.

Practical information

Price: 749 EUR (excl. VAT)

Kluwer training courses may be eligible for various subsidies: a practical instrument that lets you pay only part of the cost yourself.

In-company: Do several colleagues need this training? And preferably without having to travel? Simply bring the training to your department or company: practical! The trainer focuses on your situation, your sector and your staff's questions. Request your in-company training.

Register