
Attacking and Defending Web Applications

Course Overview

Event Summary:

Dates & Locations: Click For Scheduled Training Events
Duration: 2 Days
Schedule: 8:30 AM - 5:00 PM (Registration & continental breakfast starts at 8:15 AM)
Prof. Credits: 16 CPEs
Cost: $1895 (Group Discounts Available)
Download: Event PDF, Registration PDF

Get up to speed on one of the most critical security topics in the business world.

Security PS has been educating application developers, architects, QA personnel, and security professionals about the risks, security principles, and security best practices of application security for years. Now, with an extended hands-on course, Security PS is offering the opportunity to not only learn these concepts from top industry experts, but also to participate in live application hacking exercises and challenges to attain a new level of understanding of this critical security area.

Attendees will get hands-on experience and gain a solid understanding of top web application vulnerabilities such as session fixation, cross site scripting, SQL injection, cross site request forgery, privilege escalation, bypassing authentication and access controls, weak use of cryptography, and gathering information from the application that enables attackers to worm past defenses. Each module will explain and demonstrate modern attacks, common pitfalls, and proven best practices for building defenses as they apply to modern web applications and important technologies such as Web Services and AJAX.

Summary

The course takes attendees through a series of modules designed to teach the security principles, best practices, and attacks with live demonstrations and hands-on exercises.

Benefits

These concepts will help you and your team:

  • Gain in-depth insight into web application security weaknesses and vulnerabilities
  • Learn how attackers exploit weaknesses to make high-risk threats a reality
  • Gain hands-on experience with identifying and exploiting the top web application security weaknesses
  • Learn the proven security best practices for software development that mitigate these risks
  • And much more...

Discussions and Exercises Cover Major Application Security Categories:

  • Information Gathering
  • Authentication
  • Session Security
  • Authorization and Access Controls
  • Data Validation & Encoding (2 modules)
  • Use of Cryptography in Applications
  • Security in The Software Development Lifecycle
  • Concept of Threat Modeling and Code Reviews
  • Application Security Tools

Labs include executing and defending against:

  • Cross Site Scripting (XSS) and variations
  • SQL injection / blind SQL injection
  • Cross Site Request Forgery (CSRF)
  • Session hijacking, session fixation
  • Parameter manipulation / injection
  • Web Services vulnerabilities
  • Authentication weaknesses (including common multi-factor pitfalls)
  • Encoding and encryption pitfalls
  • Top access control weaknesses
  • Many other top attacks and best practice defenses...

Registration

To register for this training, use the PDF registration form provided below. All registrations must be received within two weeks of the event to receive confirmation of availability. (Late registration fee may apply.)

Download Form: Registration PDF
Fax To: Security PS Training Coordinator, +1 (913) 888-2120
Or Call: Local: +1 (913) 888-2111, Toll Free: +1 (877) 977-7462

Further Information

For more information regarding Security PS' web application security training or services, click here.

Cancellation and Refund Policy: Cancellations received by phone, email, or fax at least 2 weeks before the event date will be refunded the attendee's cost minus a $50 cancellation fee for each person unable to attend. After this time, no refunds will be given.

© 2005-2007 Security Professional Services, Inc. All Rights Reserved