
IT Security Training



1. Title

  • Building Secure Web Applications based on OWASP (.NET or Java) (SECOWASP, 3 days)

2. Course Pre-requisites

  • Previous experience in a web development role

3. Target Audience

  • Developers who want to learn how to create safe and secure web applications using OWASP

4. Dates and Pricing


2 People for Guaranteed Live or Virtual Delivery $2,250.00 per person

5. Outline

Module 1: Introduction and Overview

Topic 1: What are Web Applications and Web Services?

Topic 2: About the Underlying Technology of Applications and Services

Topic 3: A Few Important Definitions: Risk, Threats and Vulnerabilities

Topic 4: An Overview of Risk Assessment and Management Techniques

Topic 5: About Measuring the Risk

Topic 6: About Dealing with Risk

Module 2: Security Guidelines

Topic 1: Input and Output Validation

Topic 2: About Secure Failure

Topic 3: The Need for Simplicity

Topic 4: Reusing Trusted Components

Topic 5: About Predictive Defence

Topic 6: The Weakest Link Principle

Topic 7: Obscuring Components doesn’t make them Secure

Topic 8: About Least Privilege

Topic 9: About Compartmentalization

Topic 10: About the Architecture: Operating System, Infrastructure and Application

Topic 11: Security Architecture of .NET or Java

Module 3: Authentication

Topic 1: Types of Authentication

Topic 2: Overview of Browser Limitations

Topic 3: Certificate Basics: Public Keys, Private Keys and Certificates

Topic 4: Exploring Authentication Types: Basic, Digest, Forms and Certificate Based

Topic 5: Using Cookies for Entity Authentication

Topic 6: Using DNS for Infrastructure Authentication

Topic 7: About Password Based Authentication Systems

Topic 8: Implementing Authentication in .NET or Java

Module 4: Managing User Sessions

Topic 1: All you ever wanted to know about Cookies: Persistence, Security and Usage

Topic 2: All you ever wanted to know about the Session Token

Topic 3: Session Management: Using a Session Timeout

Topic 4: Session Management: Regeneration of Session Token

Topic 5: Session Management: Session Forging or Lockout

Topic 6: Session Management: Re-authentication

Topic 7: Session Management: Session Token Transmission

Topic 8: Session Management: Page Tokens

Topic 9: Session Management: Session Tokens on Logout

Topic 10: Using SSL: The SSL Handshake in Detail

Topic 11: Session Management in .NET or Java

Module 5: Access Control

Topic 1: Discretionary Access Control

Topic 2: Mandatory Access Control

Topic 3: Role Based Access Control

Topic 4: Access Control in .NET or Java

Module 6: Event Logging

Topic 1: The Importance of Logging Events

Topic 2: About Event Management

Topic 3: Logging Events in .NET or Java

Module 7: Data Validation

Topic 1: The Architecture of Data Validation

Topic 2: Why Client Validation should not be relied upon

Topic 3: Validation Techniques: Accept Only Known Valid Data

Topic 4: Validation Techniques: Reject Known Bad Data

Topic 5: Validation Techniques: Sanitize all Data

Topic 6: Overview of Business Tier Validation Techniques in .NET or Java

Topic 7: Overview of Data Tier Validation Techniques in .NET or Java

Topic 8: Implementing a Complete Validation Solution based on Enterprise Technologies

Module 8: Preventing Common Problems

Topic 1: About the Meta Character Problem

Topic 2: About Cross-Site Scripting: Description and Mitigation

Topic 3: Direct SQL Command: Description and Mitigation

Topic 4: Direct OS Command: Description and Mitigation

Topic 5: Path Traversal and Path Disclosure: Description and Mitigation

Topic 6: NULL Bytes: Description and Mitigation

Topic 7: Canonicalization Attacks: Description and Mitigation

Topic 8: URL Encoding: Description and Mitigation

Topic 9: Cookie Manipulation: Description and Mitigation

Topic 10: HTTP Header Manipulation: Description and Mitigation

Topic 11: HTML Form Field Manipulation: Description and Mitigation

Topic 12: URL Manipulation: Description and Mitigation

Module 9: Other Problems

Topic 1: HTML Comments

Topic 2: Vendor Patches

Topic 3: System Configuration

Topic 4: Unused Files

Topic 5: Debug Commands

Topic 6: Default Accounts

Module 10: The Need for Privacy

Topic 1: About Web Browsers and Personal Data

Topic 2: About Shared Web Browsers

Topic 3: Protecting Personal Data

Topic 4: Enhanced Browser Privacy

Topic 5: About Browser History and Related Settings

Module 11: About Cryptography

Topic 1: Symmetric versus Asymmetric Cryptography

Topic 2: Public Keys, Private Keys and Certificates

Topic 3: About SSL

Topic 4: About Digital Signatures and Hash Values

Topic 5: Implementing a Complete Cryptographic Solution with .NET or Java

Site developed and authored by Jean-Marc Choquette