Attacking and Defending Web Applications
Course Overview
Get up to speed on one of the most critical security topics in the business world.
Security PS has been educating application developers, architects, QA personnel, and security professionals about the risks, security principles, and security best practices of application security for years. Now, with an extended hands-on course, Security PS is offering the opportunity to not only learn these concepts from top industry experts, but also to participate in live application hacking exercises and challenges to attain a new level of understanding of this critical security area.
Attendees will get hands-on experience and gain a solid understanding of top web application vulnerabilities such as session fixation, cross-site scripting, SQL injection, cross-site request forgery, privilege escalation, bypassing authentication and access controls, weak use of cryptography, and gathering information from the application that enables attackers to worm past defenses. Each module will explain and demonstrate modern attacks, common pitfalls, and proven best practices for building defenses as they apply to modern web applications and important technologies such as Web Services and AJAX.
Summary
The course takes attendees through a series of modules designed to teach the security principles, best practices, and attacks with live demonstrations and hands-on exercises.
Benefits
These concepts will help you and your team:
- Gain in-depth insight into web application security weaknesses and vulnerabilities
- Learn how attackers exploit weaknesses to make high-risk threats a reality
- Gain hands-on experience with identifying and exploiting the top web application security weaknesses
- Learn the proven security best practices for software development that mitigate these risks
- And much more...
Discussions and Exercises Cover Major Application Security Categories:
- Information Gathering
- Authentication
- Session Security
- Authorization and Access Controls
- Data Validation & Encoding (2 modules)
- Use of Cryptography in Applications
- Security in the Software Development Lifecycle
- Concept of Threat Modeling and Code Reviews
- Application Security Tools
Labs include executing and defending against:
- Cross Site Scripting (XSS) and variations
- SQL injection / blind SQL injection
- Cross Site Request Forgery (CSRF)
- Session hijacking, session fixation
- Parameter manipulation / injection
- Web Services vulnerabilities
- Authentication weaknesses (including common multi-factor pitfalls)
- Encoding and encryption pitfalls
- Top access control weaknesses
- Many other top attacks and best practice defenses...
Registration
To register for this training, use the PDF registration form provided below. All
registrations must be received within two weeks of the event to receive confirmation
of availability. (Late registration fee may apply.)
| Download Form: | Registration PDF |
| Fax To: | Security PS Training Coordinator +1 (913) 888-2120 |
| Or Call: | Local: +1 (913) 888-2111; Toll Free: +1 (877) 977-7462 |
Further Information
For more information regarding Security PS' web application security training or services, click here.
Cancellation and Refund Policy:
Cancellations received by phone, email, or fax at least 2 weeks before the event date will be refunded the attendee's cost minus a $50 cancellation fee for each person unable to attend. After this time, no refunds will be given.