• Classroom
  • Online, Instructor-Led
  • Online, Self-Paced
Course Description

The Securing Web Applications course teaches security professionals how to build, harden, and assess web applications so that they can be proactive in taking appropriate measures to mitigate threats against their information systems. This course covers a breadth of topics, including core web technologies, core security principles, common vulnerabilities, finding and exploiting vulnerabilities, and building an organizational approach to security that is effective and repeatable.

This course is designed as a broad overview with enough depth and detail to add new tools to even the most seasoned administrator's tool belt. The skills gained from this class can help ensure that your organization is ready to secure itself against threats old and new.

Learning Objectives

  • Web Technology Primer
    • Architectures
    • HTML, HTTP, CSS
    • JavaScript
    • Lab: Web Inspector
    • Server Side Scripting
    • Structured Query Language (SQL)
    • Same Origin Policy
    • Lab: Same Origin Policy
  • Passwords & Hashes
    • Hash Functions
    • Cryptographic Hash Functions
    • Lab: Cryptographic Hashes
    • Authentication & Credentials
    • Securing Credentials
    • Secure Password Storage
    • Lab: Password Cracking
  • Web Cryptography
    • Symmetric Encryption
    • Asymmetric Encryption
    • Transport Layer Security (TLS)
    • Public Key Infrastructure (PKI)
    • Lab: Examining TLS Man-in-the-middle
    • Configuring A TLS Web Server
    • Wrapping An Existing Web App
    • Lab: Configure a TLS Server
  • Cookies & Sessions
    • How Sessions Work
    • Cookie Security
    • Lab: Session Hijacking
  • Common Web Vulnerabilities
    • SQL Injection (SQLI)
    • Cross Site Scripting (XSS)
    • Cross Site Request Forgery (CSRF)
    • Shell Injection
    • Lab: Detecting & Exploiting Common Web Flaws
  • Web Services
    • Representational State Transfer (REST)
    • Simple Object Access Protocol (SOAP)
    • WS-Security
    • Lab: POSTMan REST API Explorer
  • Server Hardening
    • Attack Surface Area
    • Third Party Software
    • Firewalls
    • Lab: Nmap
  • Software Assurance
    • Philosophy Of Security
    • Terminology
    • Static Analysis
    • Lab: Static Analysis
    • Dynamic Analysis
    • Fuzzing
    • Lab: Web Scanners
  • Putting It All Together
    • Software Development Lifecycle (SDLC)
    • Secure Lifecycle Development
    • DevOps
    • Lab: Secure Development Lifecycle
  • Emerging Security Standards
    • In-browser XSS Prevention
    • Cross Origin Resource Sharing (CORS)
    • Content Security Policy (CSP)
    • Sandboxed Frames
    • HTTP Strict Transport Security (HSTS)
  • Final Exam
    • Brief Review
    • Take Exam
    • Exam Review

Framework Connections