Web App Security - Defending Against OWASP Top 10 Exploits

PT8554
Training Summary
This class is designed to raise awareness of the most dangerous, costly, and prevalent threats to the security of websites, both internal and external. Students will not only learn to identify these threats but will also leave the class with practical and workable defenses for each one.

You'll be given an e-commerce website to practice on. After learning about each topic, you'll carry out the attack on that website. Then you'll harden the website against that attack using what was learned in the lecture and watch the attack fail the second time. This hands-on approach will anchor your understanding of web application security.

The lectures are packed with stories from newspaper headlines and videos as practical examples of each of the attacks. You will learn how the hackers successfully carried out those attacks, including the tools they used, so that we learn exactly how to defend our sites against these attacks and ones like them.

We will focus on OWASP's Top Ten security threats, seeing examples, learning hackers' methods, and the best practices for protecting our sites against similar attacks.
Prerequisites
There are no prerequisites for this course.
Duration
5 Days/Lecture & Lab
Audience
This class is most appropriate for intermediate to advanced developers who want to enhance their knowledge of security threats and who want to know the practical steps on how to protect their web applications.
Course Topics
  • Overview of web security
  • Secure Coding Principles
  • Threat Risk Modeling
  • A10 Unvalidated redirects and forwards
  • Fuzz testing
  • A9 Insufficient transport layer protection
  • Denial of service attacks
  • A8 Failure to restrict URL access
  • Cryptography overview
  • A7 Insecure cryptographic storage
  • Phishing attacks
  • A6 Security misconfiguration
  • ASP.NET Authentication and Authorization
  • Using it with MVC and WebForms
  • Password management
  • A5 Cross site request forgery
  • ClickJacking
  • A4 Insecure direct object references
  • Web services security
  • Padding oracle attack
  • Information leakage and improper error handling
  • Code access security
  • Role-based security
  • A3 Broken authentication and session management
  • Visual Studio Code Analysis
  • A2 Cross site scripting
  • A1 Injection flaws
  • Bringing the top ten together - best practices for security