Securing Web Applications, Services and Servers

DURATION

5 days

DATE

13 – 17 Aug, 10-14 Sep, 8-12 Oct, 12-16 Nov, 3-7 Dec 2018

FEE

£3850

LOCATION

Holiday Inn Express Hotel 1 Priddys Yard Croydon CR0 1TS

Course Description

Organizations must apply penetration testing tools to ensure the security of their web applications and limit their vulnerability to cyber-attacks. In this training course, you gain in-depth experience securing web-based applications and host servers, and learn how to integrate robust security measures into the web application development process by adopting proven architectures and best practices.

Course Objective:

You Will Learn How To

  • Implement and test secure web applications in your organization
  • Identify, diagnose, and remediate the OWASP top ten web application security risks
  • Configure a web server to encrypt web traffic with HTTPS
  • Protect Ajax-powered applications and prevent JSON data theft
  • Secure XML web services with WS-Security

Who should attend

Those who want to implement, test and deploy secure web applications. Experience developing web applications and basic knowledge of application server administration are assumed. No previous knowledge of security is assumed.

This course can also be taken in

Accra: 22-26 Jan, 16-20 Apr, 7-11 May, 13-17 Aug, 12-16 Nov 2018

Dubai: 22-26 Jan, 16-20 Apr, 7-11 May, 13-17 Aug, 12-16 Nov 2018

Course Content

Setting the Stage

  • Defining threats to your web assets
  • Surveying the legal landscape and privacy issues

Establishing Security Fundamentals

Modeling web security

  • Achieving Confidentiality, Integrity and Availability (CIA)
  • Performing authentication and authorization

Securing communication with SSL/TLS

  • Obtaining and installing server certificates
  • Enabling HTTPS on the web server

Detecting unauthorized modification of content

  • Configuring permissions correctly
  • Scanning for file-system changes

Implementing Web Application Security

Employing OWASP resources

  • The Open Web Application Security Project (OWASP) top ten
  • Remediating identified vulnerabilities

Securing database and application interaction

  • Uncovering and preventing SQL injection
  • Defending against an insecure direct object reference

Managing session authentication

  • Protecting against session ID hijacking
  • Blocking cross-site request forgery

Controlling information leakage

  • Displaying sanitized error messages to the user
  • Handling request and page faults

Performing input validation

  • Establishing trust boundaries
  • Removing the threat of Cross-Site Scripting (XSS)
  • Exposing the dangers of client-side validation
  • Implementing robust server-side input validation with regular expressions

Enhancing Ajax Security

Ajax features

  • Identifying core Ajax components
  • Exchanging information asynchronously

Assessing risks and evaluating threats

  • Managing unpredictable interactions
  • Exposing Ajax vulnerabilities

Securing XML Web Services

Diagnosing XML vulnerabilities

  • Identifying nonterminated tags and field overflows
  • Uncovering web service weaknesses

Protecting the SOAP message exchange

  • Validating input with an XML schema
  • Encrypting exchanges with HTTPS
  • Implementing WS-Security with a framework

Scanning Applications for Weaknesses

Operating and configuring scanners

  • Matching patterns to identify faults
  • “Fuzzing” to discover new or unknown vulnerabilities

Detecting application flaws

  • Scanning applications remotely
  • Finding vulnerabilities in web applications with OWASP and third-party penetration testing tools

Adopting standards

  • Reducing risk by implementing proven architectures
  • Handling personal and financial data

Managing network security

  • Modeling threats to reduce risk
  • Integrating applications with your network architecture
