About this course
If you are involved in web application development, you need to understand the basics of security. The Introduction to Web Application Security course gives you an overview of the most important security concerns in web applications, and how to deal with them. You will learn how and why web apps are vulnerable. The course covers the OWASP Top 10, the list of the most critical web application risks published by the Open Web Application Security Project. You will learn what each vulnerability is, and the best approach to counter the risk.
This course does not focus on any programming language or technology.
Why you want to attend
You should attend the Introduction to Web Application Security course if:
- You are a web application developer, and you need to write secure applications.
- You are a manager and you want to reduce your organisation’s vulnerability to security attacks.
- You are a network or server engineer, and you are responsible for application security.
What you need to know first
Before you attend the Introduction to Web Application Security course, you should have some technical background and a basic understanding of web applications.
Price and duration
Price: R5,900.00 excluding VAT per delegate. This price includes everything that you need:
- All course material, provided in an electronic format.
- An attendance certificate after the course, in PDF format.
The Introduction to Web Application Security course is presented virtually. Find out more about our virtual training and how it works.
This course is only scheduled on request for group bookings. Please contact us to discuss a date.
How to book
It’s so easy to book for the Introduction to Web Application Security course. Just email us at info@incusdata.com. You can send us a purchase order, or fill in our course enrolment form. After we have received your booking, we will confirm that you are booked, and we’ll send you an invoice.
Detailed course contents
Introduction
- Case studies and statistics.
- Introduction to web applications.
- Basics of web application architecture.
- Application security risks.
- Attack vectors.
- Threat agents.
HTTP Protocol
- HTTP protocol basics.
- HTTP response headers.
- HTTP versus HTTPS.
- HTTP Strict Transport Security (HSTS).
- X-Frame-Options.
- X-XSS-Protection.
- X-Content-Type-Options.
- Content-Security-Policy.
- Referrer-Policy.
- Expect-CT.
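To show what the header topics above mean in practice, here is an added example (not course material from Incus Data): a small audit function that takes a dict of HTTP response headers and reports which of the listed protections are missing or weakened. The thresholds it applies (a one-year HSTS max-age, `nosniff`, no `'unsafe-inline'` in `script-src`, `X-XSS-Protection: 0`, `Expect-CT` treated as deprecated) follow common OWASP secure-headers guidance and are this example's assumptions; the two header sets at the bottom are constructed, not captured from any real site.

```python
"""Audit HTTP response headers for common web security protections.

Added example. The WEAK and HARDENED header sets below are constructed for
illustration only; thresholds are assumptions based on common OWASP guidance.
"""
import re

ONE_YEAR = 31536000  # seconds; a common minimum for HSTS max-age


def _get(headers, name):
    """Case-insensitive header lookup (HTTP header names are case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value.strip()
    return None


def audit_security_headers(headers):
    """Return a list of findings for a dict of response headers.

    An empty list means every check passed.
    """
    findings = []

    # HSTS: without it, the first request over plain HTTP can be downgraded.
    hsts = _get(headers, "Strict-Transport-Security")
    if hsts is None:
        findings.append("HSTS missing: first request over HTTP can be downgraded")
    else:
        match = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        max_age = int(match.group(1)) if match else 0
        if max_age < ONE_YEAR:
            findings.append(f"HSTS max-age {max_age} is below one year")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS lacks includeSubDomains: subdomains stay downgradable")

    # Framing control: either X-Frame-Options or a CSP frame-ancestors directive.
    xfo = _get(headers, "X-Frame-Options")
    csp = _get(headers, "Content-Security-Policy")
    framing_controlled = (xfo or "").upper() in ("DENY", "SAMEORIGIN") or (
        csp is not None and "frame-ancestors" in csp.lower())
    if not framing_controlled:
        findings.append("No X-Frame-Options/frame-ancestors: page can be framed (clickjacking)")

    if (_get(headers, "X-Content-Type-Options") or "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff': MIME sniffing possible")

    # CSP: parse "directive source source; directive ..." into a dict.
    if csp is None:
        findings.append("Content-Security-Policy missing")
    else:
        directives = {}
        for part in csp.split(";"):
            tokens = part.split()
            if tokens:
                directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
        if "default-src" not in directives:
            findings.append("CSP has no default-src fallback")
        script_src = directives.get("script-src", directives.get("default-src", []))
        if "'unsafe-inline'" in script_src:
            findings.append("CSP allows 'unsafe-inline' scripts: XSS mitigation largely void")
        if "*" in script_src:
            findings.append("CSP script-src allows any origin")

    # Referrer-Policy: the legacy default leaks full URLs to cross-origin HTTPS sites.
    referrer = _get(headers, "Referrer-Policy")
    if referrer is None or referrer.lower() in ("unsafe-url", "no-referrer-when-downgrade"):
        findings.append("Referrer-Policy missing or leaks full URLs cross-origin")

    # X-XSS-Protection: the legacy browser filter is gone; '0' disables it explicitly.
    xss = _get(headers, "X-XSS-Protection")
    if xss is not None and xss != "0":
        findings.append("X-XSS-Protection enabled: legacy filter, modern guidance is '0' (rely on CSP)")

    # Expect-CT: deprecated; certificate transparency is enforced by default now.
    if _get(headers, "Expect-CT") is not None:
        findings.append("Expect-CT present: deprecated header, safe to remove")

    return findings


# Constructed sample header sets (not from a real server).
WEAK = {
    "Content-Type": "text/html",
    "X-XSS-Protection": "1; mode=block",
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "script-src 'self' 'unsafe-inline'",
}

HARDENED = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "X-XSS-Protection": "0",
}

if __name__ == "__main__":
    for name, hdrs in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(f"{name}: {len(audit_security_headers(hdrs))} finding(s)")
        for finding in audit_security_headers(hdrs):
            print("  -", finding)
```

Run it against the two constructed sets: the WEAK set produces eight findings (short HSTS lifetime, no subdomain coverage, frameable page, MIME sniffing, CSP without a fallback and with inline scripts, no referrer policy, legacy XSS filter enabled), the HARDENED set produces none. To audit a real deployment, feed it `response.headers` from any HTTP client instead of the dicts.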
Global Organisations, Standards and Frameworks
- The Web Application Security Consortium (WASC).
- The Open Web Application Security Project (OWASP).
- The National Institute of Standards and Technology (NIST).
- The Common Weakness Enumeration (CWE) category system.
- The SysAdmin, Audit, Network, Security (SANS) Institute.
Fundamentals of a Secure Environment
- CIA: Confidentiality, integrity, availability.
- Policies and standards.
- Acquiring secure software.
- Training.
- Secure architecture.
- Physical security.
- Introduction to secure SDLC.
Common Attack Categories
- Insecure interaction between components.
- Risky resource management.
- Porous defences.
OWASP Top 10 Web Application Vulnerabilities
- Injection.
- Broken authentication and session management.
- Sensitive data exposure.
- XML external entity (XXE).
- Broken access control.
- Security misconfiguration.
- Cross-site scripting (XSS).
- Insecure deserialization.
- Using components with known vulnerabilities.
- Insufficient logging & monitoring.
- Definitions, explanations and examples.
- Countermeasures.
Other Common Vulnerabilities
- Clickjacking.
- Cross-Site Request Forgery (CSRF).
- Server-Side Request Forgery (SSRF).
- Definitions, explanations and examples.
- Countermeasures.
Testing and Monitoring
- Static application security testing.
- Dynamic application security testing.
- Interactive application security testing.
- Runtime application self-protection.
- Monitoring tools.
Secure Development Approach
- The secure SDLC.
- Threat modelling.
- Source code review.
- Common dangerous programming practices.
- Common development mistakes.
Secure Design Principles and Best Practices
- Defense in depth.
- Fail-safe defaults.
- Least privilege.
- Separation of duties.
- Economy of mechanism.
- Complete mediation.
- Open design.
- Least common mechanism.
- Psychological acceptability.
- Weakest link.
- Leveraging existing components.