Cyber security is a serious challenge today, as attackers specifically target web application vulnerabilities. This seminar is an introduction to application security threats, demonstrating the security problems that exist in corporate systems, with a strong emphasis on application security and secure design. During this seminar we cover the major security vulnerabilities, including the OWASP Top 10, and secure-design and coding best practices for designing and developing web applications and server-based services.
The main objectives of this seminar are:
- to raise awareness of the problems that can occur without secure coding practices.
- to teach you your important role in the corporate effort to secure its systems, while applying information security best practices.
- to learn about the threat landscape and the controls you should use during the software development lifecycle.
In this course you will learn how to:
- understand the concepts and terminology behind defensive, secure coding.
- appreciate the magnitude of the problems associated with web application security and the potential risks associated with those problems.
- understand the consequences of not properly handling untrusted data, such as denial of service, cross-site scripting, and injections.
- understand the vulnerabilities associated with authentication and authorization.
- understand techniques and measures that can be used to harden web and application servers as well as other components in your infrastructure.
This course is intended for all members of the development team:
- Application security analysts
- Team leaders
- Testers / QA
- Designers & architects
Before attending this course, you should have:
- basic knowledge of information systems
- background knowledge in networking, the internet and the web
- a development background with internet applications, using at least one of these languages: .NET, Java, PHP, AP, C/C++.
1. Application Security - What is the problem?
- Web Application Security Problem
- Application Security Myths
- State-of-Practice in Secure Software Development
2. Application Level Attacks - Learning the Attacker's Techniques
- HTTP fundamentals
- OWASP top 10 web application risks
- Broken Authentication and Session Management
- Broken Authorization Schema
- Injections (e.g. SQL injection, command injection, etc.)
- Cross Site Scripting (XSS)
- Cross Site Request Forgery (CSRF)
- Denial of Service (DoS)
- Browser Manipulation Attacks
- Unvalidated Redirects and Forwards
- Information Leakage
- Business Logic Attacks
- Upload File Backdoors
- Insecure Cryptographic Storage
- SSL & Digital Signatures
- Events Logging
3. Security countermeasures and best practices
- Authentication best practices
- Brute Force Countermeasures
- Account lockout vs CAPTCHA
- Securing passwords
- Authorization best practices
- SQL injection countermeasures
- Output encoding & input validation techniques
- Cross Site Request Forgery (CSRF) countermeasures
- Replay attacks countermeasures
- File upload/download countermeasures
- Security logging - what to log and what not to log
- 'Built-in' Software Assurance
- Software Assurance Quick Start
All chapters include hands-on demonstrations and interactive questions.
Toreon provides the experienced trainer Sebastien Deleersnyder to share his practical application security experience. Sebastien has led engagements in the domain of ICT security, web and mobile security with several customers, including BNP Paribas Fortis, Atos Worldline, KBC, Nationale Nederlanden (ING), Isabel, Fluxys, OLAF, EU Council, TNT Post, Flemish Community, Agfa-Gevaert and ING Insurance International. Sebastien is the Belgian OWASP Chapter Leader, served as vice-chair of the global OWASP Foundation Board and has given several public presentations on web application, mobile and web services security. Furthermore, Sebastien co-founded the yearly BruCON conference.
Price: 749 EUR (excl. VAT)
Kluwer training courses may be eligible for various subsidies, a practical instrument that lets you pay only part of the cost yourself.
In-company: Do several colleagues need this training, preferably without having to travel? Simply bring the training into your department or company: practical! The trainer focuses on your situation, your sector and your employees' questions. Request your in-company training.