Web Application Security Essentials (.NET)

PT9935
Training Summary
This class teaches developers how to protect against the most dangerous, costly, and prevalent threats to the security of websites, both internal and external. Students will not only learn to identify these threats but will also leave the class with practical, workable defenses for each one. You'll be given an e-commerce website to practice on. After learning about each attack type, you'll carry out the attack yourself. Then you'll harden your website using what was covered in the lecture and watch the same attack fail the second time. This hands-on approach anchors your understanding of web application security. The lectures are packed with stories from newspaper headlines and videos as practical examples of each attack. You will learn how the attackers successfully carried out those attacks, including the tools they used, so that you know precisely how to defend your sites against these attacks and ones like them. We will focus on OWASP's Top Ten security threats, seeing examples, learning attackers' methods, and applying best practices for protecting our sites against similar attacks.
Prerequisites
There are no prerequisites for this course.
Duration
5 days (lecture and labs)
Audience
This class is most appropriate for intermediate to advanced developers who want to deepen their knowledge of security threats and learn the practical steps for protecting their web applications.
Course Topics
Overview of web security
  • Overview of the OWASP top ten vulnerabilities
  • Overview of the CWE/SANS top 25 vulnerabilities
  • Clickjacking
  • Phishing
  • Denial of service attacks
  • A10 Underprotected APIs
  • A9 Using components with known vulnerabilities
  • A8 Cross-site request forgery
  • Cryptography overview
  • A7 Insufficient attack protection
  • A6 Sensitive data exposure
  • Password management
  • A5 Security misconfiguration
  • A4 Broken access control
  • Padding oracle attack
  • Information leakage and improper error handling
  • A3 Cross site scripting
  • A2 Broken authentication and session management
  • A1 Injection flaws
  • Bringing the top ten together – best practices for security overall