SETC Training

IT Security Training


Explained what could have been very complicated information in a clear and concise manner, which allowed me to follow along and understand with ease. The instructor had great enthusiasm that kept us all involved.
Comment from Shared Services Canada

1. Title

  • Building Secure Web Applications based on OWASP (.NET or Java) (SECOWASP, 3 days)

2. Course Pre-requisites

  • Previous experience in a web development role

3. Target Audience

  • Developers who want to learn how to create safe and secure web applications using OWASP

4. Dates and Pricing


2 People for Guaranteed Live or Virtual Delivery $2,250.00 per person

5. Outline

Module 1: Introduction and Overview

Topic 1: What are Web Applications and Web Services?

Topic 2: About the Underlying Technology of Applications and Services

Topic 3: A Few Important Definitions: Risk, Threats and Vulnerabilities

Topic 4: An Overview of Risk Assessment and Management Techniques

Topic 5: About Measuring the Risk

Topic 6: About Dealing with Risk

Module 2: Security Guidelines

Topic 1: Input and Output Validation

Topic 2: About Secure Failure

Topic 3: The Need for Simplicity

Topic 4: Reusing Trusted Components

Topic 5: About Predictive Defence

Topic 6: The Weakest Link Principle

Topic 7: Obscuring Components doesn’t make them Secure

Topic 8: About Least Privilege

Topic 9: About Compartmentalization

Topic 10: About the Architecture: Operating System, Infrastructure and Application

Topic 11: Security Architecture of .NET or Java

Module 3: Authentication

Topic 1: Types of Authentication

Topic 2: Overview of Browser Limitations

Topic 3: Certificate Basics: Public Keys, Private Keys and Certificates

Topic 4: Exploring Authentication Types: Basic, Digest, Forms and Certificate Based

Topic 5: Using Cookies for Entity Authentication

Topic 6: Using DNS for Infrastructure Authentication

Topic 7: About Password Based Authentication Systems

Topic 8: Implementing Authentication in .NET or Java

Module 4: Managing User Sessions

Topic 1: All you ever wanted to know about Cookies: Persistence, Security and Usage

Topic 2: All you ever wanted to know about the Session Token

Topic 3: Session Management: Using a Session Timeout

Topic 4: Session Management: Regeneration of Session Token

Topic 5: Session Management: Session Forging or Lockout

Topic 6: Session Management: Re-authentication

Topic 7: Session Management: Session Token Transmission

Topic 8: Session Management: Page Tokens

Topic 9: Session Management: Session Tokens on Logout

Topic 10: Using SSL: The SSL Handshake in Detail

Topic 11: Session Management in .NET or Java

Module 5: Access Control

Topic 1: Discretionary Access Control

Topic 2: Mandatory Access Control

Topic 3: Role Based Access Control

Topic 4: Access Control in .NET or Java

Module 6: Event Logging

Topic 1: The Importance of Logging Events

Topic 2: About Event Management

Topic 3: Logging Events in .NET or Java

Module 7: Data Validation

Topic 1: The Architecture of Data Validation

Topic 2: Why Client Validation should not be relied upon

Topic 3: Validation Techniques: Accept Only Known Valid Data

Topic 4: Validation Techniques: Reject Known Bad Data

Topic 5: Validation Techniques: Sanitize all Data

Topic 6: Overview of Business Tier Validation Techniques in .NET or Java

Topic 7: Overview of Data Tier Validation Techniques in .NET or Java

Topic 8: Implementing a Complete Validation Solution based on Enterprise Technologies

Module 8: Preventing Common Problems

Topic 1: About the Meta Character Problem

Topic 2: About Cross-Site Scripting: Description and Mitigation

Topic 3: Direct SQL Command: Description and Mitigation

Topic 4: Direct OS Command: Description and Mitigation

Topic 5: Path Traversal and Path Disclosure: Description and Mitigation

Topic 6: NULL Bytes: Description and Mitigation

Topic 7: Canonicalization Attacks: Description and Mitigation

Topic 8: URL Encoding: Description and Mitigation

Topic 9: Cookie Manipulation: Description and Mitigation

Topic 10: HTTP Header Manipulation: Description and Mitigation

Topic 11: HTML Form Field Manipulation: Description and Mitigation

Topic 12: URL Manipulation: Description and Mitigation

Module 9: Other Problems

Topic 1: HTML Comments

Topic 2: Vendor Patches

Topic 3: System Configuration

Topic 4: Unused Files

Topic 5: Debug Commands

Topic 6: Default Accounts

Module 10: The Need for Privacy

Topic 1: About Web Browsers and Personal Data

Topic 2: About Shared Web Browsers

Topic 3: Protecting Personal Data

Topic 4: Enhanced Browser Privacy

Topic 5: About Browser History and Related Settings

Module 11: About Cryptography

Topic 1: Symmetric versus Asymmetric Cryptography

Topic 2: Public Keys, Private Keys and Certificates

Topic 3: About SSL

Topic 4: About Digital Signatures and Hash Values

Topic 5: Implementing a Complete Cryptographic Solution with .NET or Java

Site developed and authored by Jean-Marc Choquette