Cyber security is a serious challenge today, as attackers specifically target web application vulnerabilities. This seminar is an introduction to application security threats, demonstrating the security problems that exist in corporate systems, with a strong emphasis on application security and secure design. During this seminar we cover the major security vulnerabilities, including the OWASP top 10, and secure-design and coding best practices for designing and developing web applications and server-based services.

Objectives

The main objectives of this seminar are:

  • to raise awareness of the problems that can occur without secure coding practices.
  • to teach you your important role in the corporate effort to secure its systems, while applying information security best practices.
  • to learn about the threat landscape and the controls you should use during the software development lifecycle.

Your results

In this course you will learn how to:

  • understand the concepts and terminology behind defensive, secure coding.
  • appreciate the magnitude of the problems associated with web application security and the potential risks associated with those problems.
  • understand the consequences of not properly handling untrusted data, such as denial of service, cross-site scripting, and injections.
  • understand the vulnerabilities associated with authentication and authorization.
  • understand techniques and measures that can be used to harden web and application servers as well as other components in your infrastructure.

Intended for

All members of the development team:

  • Developers
  • Application security analysts
  • Team leaders
  • Testers / QA
  • Designers & architects
  • Managers

Before attending this course, you should be familiar with:

  • basic knowledge of information systems
  • background knowledge of networking, the internet and the web
  • a development background with internet applications, using at least one of these languages: .NET, Java, PHP, AP, C/C++.

Programme

1. Application Security - What is the problem?

  • Web Application Security Problem
  • Application Security Myths
  • State-of-Practice in Secure Software Development

2. Application Level Attacks - Learning the Attacker's Techniques

  • HTTP fundamentals
  • OWASP top 10 web application risks
  • Broken Authentication and Session Management
  • Broken Authorization Schema
  • Injections (e.g. SQL injection, command injection, etc.)
  • Cross Site Scripting (XSS)
  • Cross Site Request Forgery (CSRF)
  • Denial of Service (DoS)
  • Browser Manipulation Attacks
  • Unvalidated Redirects and Forwards
  • Information Leakage
  • Business Logic Attacks
  • Upload File Backdoors
  • Insecure Cryptographic Storage
  • SSL & Digital Signatures
  • Events Logging

3. Security countermeasures and best practices

  • Authentication best practices
  • Brute Force Countermeasures
  • Account lockout vs CAPTCHA
  • Securing passwords
  • Authorization best practices
  • SQL injection countermeasures
  • Output encoding & input validation techniques
  • Cross Site Request Forgery (CSRF) countermeasures
  • Replay attacks countermeasures
  • File upload/download countermeasures
  • Security logging - what to log and what not to log

4. Take-away

  • “Build in” Software Assurance
  • Software Assurance Quick Start

All chapters include hands-on demonstrations and interactive questions.

Trainer(s)

Sebastien Deleersnyder

Toreon provides the experienced trainer Sebastien Deleersnyder to share his practical application security experience. Sebastien has led engagements in the domain of ICT security, web and mobile security with several customers, including BNP Paribas Fortis, Atos Worldline, KBC, Nationale Nederlanden (ING), Isabel, Fluxys, OLAF, EU Council, TNT Post, the Flemish Community, Agfa-Gevaert and ING Insurance International. Sebastien is the Belgian OWASP Chapter Leader, has served as vice-chair of the global OWASP Foundation Board and has given several public presentations on web application, mobile and web services security. Furthermore, Sebastien co-founded the yearly BruCON conference.

Practical information

Price: 749 EUR (excl. VAT)

The courses of Kluwer Opleidingen qualify for various subsidies. Convenient: that way you pay only part of the registration fee yourself.

  • Up to 40% subsidy with the KMO portefeuille. More information can be found here.

In-company: Do several colleagues need this course? And would you rather not travel to another location? Bring the course to your department or company: convenient! Moreover, the trainer then focuses on your situation, your sector and the questions of your staff. Request your in-company course.

Register