Inside the Biggest Web Attacks and How to Defeat Them

Catalog Home Java/Java EE, Open-Source & Web Application Servers Java Application Security

Inside the Biggest Web Attacks and How to Defeat Them

  Add Course to watch list
  View full course outline
  Request in your area

There are no scheduled dates for this course.

  Available by Request

This course teaches the students how to develop secure web applications in today's complex internetworked environment. Students will receive a deep and thorough understanding of the most prevalent and dangerous security defects in today's applications. Additionally, they will learn practical and actionable guidelines on how to remediate against these common defects in Java/J2EE and how to test for them in their own applications.This class starts with a description of the security problems faced by today's software developer, as well as a detailed description of the Open Web Application Security Project's (OWASP) Top 10 of 2010 security defects. These defects are studied in instructor-lead sessions as well as in hands-on lab exercises in which each student learns how to actually exploit the defects to "break into" a real web application. (The labs are performed in safe test environments.)Remediation techniques and strategies are then studied for each defect. Practical guidelines on how to integrate best practices for secure software the software development process are then presented and discussed.

Students should have some software experience.

3 Days/Lecture & Lab

The ideal student for this course is a hands-on web application developer, architect, or information security practitioner with software experience. The course establishes a solid fundamental understanding of today's best practices in secure software development.

  • Preparation Phase Understanding the problem
  • Overview of available solutions
  • Lab setup and demo
  • Exploiting web application weaknesses
  • Secure development processes
  • Introduction to design review exercise
  • Processes in depth - Threat Modeling
  • Threat modeling exercise
  • Processes in depth - Static code analysis
  • Static code analysis exercise
  • Processes in depth - Security testing
  • A day in the life of a web application




< >

Copyright © 2018 ProTech. All Rights Reserved.

Sign In Create Account

Navigation

Social Media