Training Securing Web Applications, Services and Servers – 4 days

Class overview :

Cybersecurity is a serious challenge today as attackers specifically target Web application vulnerabilities. These vulnerabilities can be exploited to obtain confidential information and compromise organizational integrity.

Class goals :

  • Implement and test secure Web applications in your organization
  • Identify, diagnose and correct the most serious Web application vulnerabilities
  • Configure a Web server to encrypt Web traffic with HTTPS
  • Protect Ajax-powered Web 2.0 applications
  • Secure XML Web services with WS-Security
  • Audit Web application security with manual and automated scanning

Content of Securing Web Applications, Services and Servers

Setting the Stage

  • Defining threats to your Web assets
  • Surveying the legal landscape and privacy issues
  • Exploring common vulnerabilities

Establishing Security Fundamentals

Modeling Web security

  • Achieving Confidentiality, Integrity and Availability (CIA)
  • Performing authentication and authorization

Encrypting and hashing

  • Distinguishing public- and private-key cryptography
  • Verifying message integrity with message digests, digital signatures and digital certificates

Augmenting Web Server Security

Configuring security for HTTP services

  • Managing software updates
  • Restricting HTTP methods

Securing communication with SSL/TLS

  • Obtaining and installing server certificates
  • Enabling HTTPS on the Web server
  • Protecting the exchange of credentials

Detecting unauthorized modification of content

  • Configuring permissions correctly
  • Scanning for file-system changes

Implementing Web Application Security

Employing OWASP resources

  • The Open Web Application Security Project (OWASP) Top Ten
  • Recognizing cybersecurity risks
  • Remediating identified vulnerabilities

Securing database and application interaction

  • Uncovering and preventing SQL injection
  • Defending against an insecure direct object reference
  • Limitations of encrypting database content

Managing session authentication

  • Protecting against session ID hijacking
  • Enforcing URL access control
  • Blocking cross-site request forgery

Controlling information leakage

  • Displaying sanitized error messages to the user
  • Handling request and page faults

Performing input validation

  • Establishing trust boundaries
  • Revealing and removing the threat of cross-site scripting (XSS)
  • Exposing the dangers of client-side validation
  • Preventing E-shoplifting

Enhancing Ajax Security

Ajax features

  • Identifying core Ajax components
  • Exchanging information asynchronously

Assessing risks and evaluating threats

  • Managing unpredictable interactions
  • Exposing JSON vulnerabilities

Securing XML Web Services

Diagnosing XML vulnerabilities

  • Identifying nonterminated tags and field overflows
  • Uncovering Web service weaknesses

Protecting the SOAP message exchange

  • Validating input with an XML schema
  • Encrypting exchanges with HTTPS
  • Implementing WS-Security with a framework
  • Authenticating access to Web services

Scanning Applications for Weaknesses

Operating and configuring scanners

  • Matching patterns to identify faults
  • « Fuzzing » to discover new or unknown vulnerabilities

Detecting application flaws

  • Scanning applications remotely
  • Strategies for testing and scanning
  • Testing Web applications with Netcat, Cryptcat and Wget
  • Intercepting traffic with OWASP WebScarab

Best Practices for Web Security

Adopting standards

  • Reducing risk by implementing proven architectures
  • Handling personal and financial data
  • Developing guidelines for logging

Managing network security

  • Modeling threats to reduce risk
  • Integrating applications with your network architecture

Onze voordelen :

  • Type of training: Inter-company, intra-company and individual
  • 100% flexible & personalised training : You choose the place, the dates and the training program
  • Offer request : Response within 24 hours
  • 50% discount for SME’s from Brussels-Capital Region
  • Free parking, lunch & drinks
  • Free use of our Digital Competence Centre: Manuals, courses, exercises, …

PIXYSTREE SCS

Rue Beeckmans, 53
1180 Bruxelles

Tel : +32 2 412 04 10
Fax : +32 2 412 04 19
Gsm : +32 485 212 722
Email : selossej@pixystree.com

http://www.pixystree.com

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s