 
 
Web Application Security
 
Course Number: 1310
Price NIS before VAT: 1300 (2120)
Duration (Days): 2
Language: English/Hebrew
Level: Advanced
Jan Feb Mar Apr May Jun

Jul Aug Sep Oct Nov Dec
  15-16   28-29
+972 3 9247780 ext. 3
 

The internet environment and web technologies face unique threats from an information security perspective. In the past most of the focus was on securing the network infrastructure, but in recent years it has shifted from the network and the infrastructure to the application layer. This is because infrastructure (i.e. network and OS) security has improved significantly while web applications have remained vulnerable. Thus, the application layer has become the main target of attacks.

In the course we will discuss how traditional application aspects such as authentication, confidentiality and data integrity apply to web applications, including the emerging standards for authentication (OpenID). In addition, we will learn in depth what web application vulnerabilities are, what causes them, how to prevent them from the design/coding and testing perspectives, and what countermeasures are required to prevent exploitation of these vulnerabilities.

We will cover both the vulnerabilities that are common in traditional web applications (or first generation web applications), as well as the vulnerabilities that are unique to Web 2.0 (or AJAX based) web applications.

 
 
  1. The unique security aspects and challenges of web applications
  2. Confidentiality and Data-Integrity
     • Overview of the requirements
     • How encryption and hash functions are used to address these requirements
     • How the SSL protocol, which is used to secure HTTP traffic, uses encryption technologies to provide confidentiality and data integrity
  3. Authentication
     • Overview of the requirements
     • The different technologies used for user authentication
     • Authentication in the first generation of web applications
     • OpenID - the emerging standard for Web 2.0 applications
  4. Web application vulnerabilities: for each type of vulnerability we will discuss:
     • What the vulnerability is, and how it can be used by attackers
     • What the causes of each type of vulnerability are
     • How to prevent the vulnerability by proper design/coding practices
     • How to detect if the vulnerability exists using the various testing tools
     • How to mitigate the risk associated with each type of vulnerability
  5. The new security threats associated with AJAX and Web 2.0 technologies
  6. Conclusion
  7. Glossary
 

 

  • Understanding the HTTP protocol (at least a general understanding), including the request-response concept, HTTP headers, HTTP cookies, etc.
  • Understanding HTML and being able to understand an HTML page
  • Understanding JavaScript, and being able to understand a script written in JavaScript.
 
 
Do you think we have missed something in the syllabus? Call us at 972-3-9247780 ext. #3 or e-mail us and we shall dispel your doubts.


 