
Attacking and Defending Web Applications

Course Overview

Event Summary:

Dates & Locations: Schedule a Training Event
Schedule: 2 Days, 8:30 AM - 5:00 PM (Registration & continental breakfast starts at 8:15 AM)
Prof. Credits: 16 CISSP CPEs
Registration: For more information on registration costs or group discounts, please contact training@securityps.com
   
Get up to speed on one of the most critical security topics in the business world.

Security PS has been educating application developers, architects, QA personnel, and security professionals about the risks, security principles, and security best practices of application security for years. Now, with an extended hands-on course, Security PS is offering the opportunity to not only learn these concepts from top industry experts, but also to participate in live application hacking exercises and challenges to attain a new level of understanding of this critical security area.

Attendees will get hands-on experience and gain a solid understanding of top web application vulnerabilities such as session fixation, cross-site scripting, SQL injection, cross-site request forgery, privilege escalation, bypassing authentication and access controls, weak use of cryptography, and gathering information from the application that enables attackers to worm past defenses. Each module will explain and demonstrate modern attacks, common pitfalls, and proven best practices for building defenses as they apply to modern web applications and important technologies such as Web Services and AJAX.

Summary

The course takes attendees through a series of modules designed to teach the security principles, best practices, and attacks with live demonstrations and hands-on exercises.

Benefits

These concepts will help you and your team:

  • Gain in-depth insight into web application security weaknesses and vulnerabilities
  • Learn how attackers exploit weaknesses to make high-risk threats a reality
  • Gain hands-on experience with identifying and exploiting the top web application security weaknesses
  • Learn the proven security best practices for software development that mitigate these risks
  • And much more...

Discussions and Exercises Cover Major Application Security Categories:

  • Information Gathering
  • Authentication
  • Session Security
  • Authorization and Access Controls
  • Data Validation & Encoding (2 modules)
  • Use of Cryptography in Applications
  • Security in The Software Development Lifecycle
  • Concept of Threat Modeling and Code Reviews
  • Application Security Tools

Labs include executing and defending against:

  • Cross Site Scripting (XSS) and variations
  • SQL injection / blind SQL injection
  • Cross Site Request Forgery (CSRF)
  • Session hijacking, session fixation
  • Parameter manipulation / injection
  • Web Services and AJAX vulnerabilities
  • Authentication weaknesses (including common multi-factor pitfalls)
  • Encoding and encryption pitfalls
  • Top access control weaknesses
  • Many other top attacks and best practice defenses...

Registration

To register for this training, contact our training coordinator. All registrations must be received within one week of the event to receive confirmation of availability.

Group discounts

Group discounts are available for organizations that register five or more people for an event. This discount cannot be combined with any other discount or offer. For more information on group discounts, contact training@securityps.com.

Further Information

For more information regarding Security PS' web application security training or services, click here.

Cancellation and Refund Policy: Cancellations received by phone, email, or fax at least 2 weeks before the event date will be refunded the attendee's cost minus a $100 cancellation fee for each person unable to attend. After this time, no refunds will be given.

© Security Professional Services, Inc. All Rights Reserved