Introduction to Web Application Security
Duration: One day
Structure: A combination of theory, practical examples, and hands-on training
Max. Class Size: 20 students
Course Summary ::
This one-day workshop provides an overview of the fundamental principles of Web application security. This session presents students with an understanding of how Web applications work, how vulnerabilities manifest in them, how to find and exploit those vulnerabilities, and solutions for protecting Web applications.
Who Should Attend ::
Anyone interested in identifying vulnerabilities in Web applications (IT staff, managers, system architects, information security professionals, etc.), and developers who want to understand Web application vulnerabilities and attack scenarios.
Prerequisites ::
Attendees should be comfortable with Web browsers. Basic HTML familiarity is helpful but not required.
Student Materials ::
WhiteHat will provide the following:
– A CD of tools and reference materials
– Access to a fully-featured sample Web application for hands-on
practical exercises
– Written course materials
– A certificate of completion
Attendees should bring:
– A laptop running Windows that can access the Internet, on which the
student has sufficient privileges to install software
– Firefox version 2 or higher, and Internet Explorer version 7 or higher installed
– Current versions of Flash and Adobe Acrobat Reader
Benefits ::
This course will help you:
– Understand the elements that can make a Web application an easy target
– Understand hackers’ tools and techniques
– Understand how to identify and fix vulnerabilities in Web applications
– Be able to test and exploit vulnerabilities in your web applications
using freely available tools
Course Details ::
I. Background
– Evolution of Web applications
– Issues with Web applications
– Web application vulnerabilities
II. Technologies
– HTTP protocol
– Overview of client-side technologies
– What is a Web server? What is an application server, and how does
it work with the Web server?
– Overview of server-side technologies
– Components of a dynamic Web application: authentication, authorization,
session management
– Request/response flow: Walk through the flow of events from
loading a website through logging in, using an application, logging
out, and closing your browser
– Encoding/decoding URLs, character sets, and HTML entities
III. Anatomy of an Attack
– How do people exploit Web applications
– Why you can never trust anything that comes from the client
IV. Top Web Application Attacks and Vulnerabilities
– Overview of the top Web application vulnerabilities
– How those vulnerabilities were introduced and how they can be avoided
– Concepts, examples, case studies, and scenarios for each class of attack,
such as cross-site scripting (XSS), SQL injection, etc.
V. Solutions for protecting your Applications
– Solutions that can improve the security of your Web applications
– Identifying the weaknesses in your Web application
– Remediation

Sign Up For a Corporate Class :: Send an email to Education Services. Please include your: name, company name, phone number, the number of students, and which course(s) you are interested in.
Sign Up For a Public Class :: If you are interested in attending a public class contact Education Services. Let us know where you are located, and we will get back to you with information on classes near you.