0800 282 353 or +44 1372 364610
TRAINING YOU CAN TRUST
 
 

Securing Web Applications, Services and Servers: Hands-On

 
Course: 940   Type: Hands-On Training   Duration: 4 Days
 
 

You Will Learn How To

  • Implement and test secure Web applications in your organisation
  • Identify, diagnose and correct the most serious Web application vulnerabilities
  • Configure a Web server to encrypt Web traffic with HTTPS
  • Protect Ajax-powered Web 2.0 applications
  • Secure XML Web services with WS-Security
  • Audit Web application security with source-code and application scanning

Course Benefits

Attackers today are targeting Web application vulnerabilities more than operating systems and networks. These vulnerabilities can be exploited to obtain confidential information and compromise organisational integrity. As a result, organisations must integrate robust security measures into the Web application development process. This course provides in-depth, hands-on experience securing Web-based applications and host servers.

Who Should Attend

Those who want to implement, test and deploy secure Web applications. Experience developing Web applications and a basic knowledge of Web server administration are assumed. No prior knowledge of security is required.

Hands-On Training

Throughout this course, extensive hands-on exercises based on an evolving case study provide you with practical experience in securing applications. Exercises include:
  • Creating a trust boundary with proper input validation
  • Avoiding cross site scripting (XSS) and cross site request forgery (CSRF/XSRF)
  • Preventing SQL injection vulnerabilities
  • Implementing URL access restrictions
  • Detecting unauthorised file system modification
  • Enabling HTTPS on a Web server
  • Protecting Web services with WS-Security
  • Identifying vulnerabilities with an application scanner

Related Courses

  • 589 Vulnerability Assessment
  • 537 Ethical Hacking and Countermeasures
  • 577 Building XML Web Services with Java
  • 513 Windows Communication Foundation (WCF)
  • 508 Building Web Services with .NET 2.0
  • 986 Developing Ajax Web 2.0 Applications
  • 424 Service-Oriented Architecture Introduction
  • 289 Disaster Recovery Planning
  • 340 Project Management for Software Development

   Securing Web Applications, Services and Servers

Upcoming Dates

4 - 7 Nov, 2008
London
13 - 16 Jan, 2009
London
17 - 20 Mar, 2009
London
16 - 19 Jun, 2009
London
15 - 18 Sep, 2009
London

For complete schedule, please visit www.learningtree.co.uk
 
http://www.learningtree.co.uk/courses/uk940.htm
 
 
0800 282 353 or +44 1372 364610
TRAINING YOU CAN TRUST
 
 

Securing Web Applications, Services and Servers: Hands-On

 
Course: 940   Type: Hands-On Training   Duration: 4 Days
 
 
Course Content
 

Setting the Stage

  • Defining threats to your Web assets
  • Surveying the legal landscape and privacy issues
  • Exploring common vulnerabilities

Establishing Security Fundamentals

Modelling Web security

  • Achieving Confidentiality, Integrity and Availability (CIA)
  • Performing authentication and authorisation

Encrypting and hashing

  • Distinguishing public- and private-key cryptography
  • Verifying message integrity with message digests, digital signatures and digital certificates

Augmenting Web Server Security

Configuring security for HTTP services

  • Managing software updates
  • Restricting HTTP methods

Securing communication with SSL/TLS

  • Obtaining and installing server certificates
  • Enabling HTTPS on the Web server
  • Protecting the exchange of credentials

Detecting unauthorised modification of content

  • Configuring permissions correctly
  • Scanning for file-system changes

Implementing Web Application Security

Employing OWASP resources

  • The Open Web Application Security Project (OWASP) Top Ten
  • Recognising critical security faults
  • Remediating identified vulnerabilities

Securing database and application interaction

  • Uncovering and preventing SQL injection
  • Defending against an insecure direct object reference
  • Limitations of encrypting database content

Managing session authentication

  • Protecting against session ID hijacking
  • Enforcing URL access control
  • Blocking cross-site request forgery

Controlling information leakage

  • Displaying sanitised error messages to the user
  • Handling request and page faults

Performing input validation

  • Establishing trust boundaries
  • Revealing and removing the threat of cross site scripting (XSS)
  • Exposing the dangers of client-side validation
  • Preventing E-shoplifting

Enhancing Ajax Security

Ajax features

  • Identifying core Ajax components
  • Exchanging information asynchronously

Assessing risks and evaluating threats

  • Managing unpredictable interactions
  • Exposing JSON vulnerabilities

Securing XML Web Services

Diagnosing XML vulnerabilities

  • Identifying non-terminated tags and field overflows
  • Uncovering Web service weaknesses

Protecting the SOAP message exchange

  • Validating input with an XML schema
  • Encrypting exchanges with HTTPS
  • Implementing WS-Security with a framework
  • Authenticating access to Web services

Scanning Applications for Weaknesses

Operating and configuring scanners

  • Matching patterns to identify faults
  • "Fuzzing" to discover new or unknown vulnerabilities

Detecting application flaws

  • Scanning applications remotely
  • Strategies for testing and scanning
  • Testing Web applications with Netcat, Cryptcat and Wget
  • Intercepting traffic with OWASP WebScarab

Best Practices for Web Security

Adopting standards

  • Reducing risk by implementing proven architectures
  • Handling personal and financial data
  • Developing guidelines for logging

Managing network security

  • Modelling threats to reduce risk
  • Integrating applications with your network architecture
 
http://www.learningtree.co.uk/courses/uk940.htm
 
 
0800 282 353 or +44 1372 364610
TRAINING YOU CAN TRUST
 
 

Securing Web Applications, Services and Servers: Hands-On Tuition

 
Course: 940   Type: Hands-On Training   Duration: 4 Days
 
 

Course 940 Tuition

£ 1,695Standard Tuition
Tuition with a Savings Plan
£ 98010-Day Training Pass
£ 995Flex-Training Pass
£ 1,31410-Training Vouchers
£ 1,4045-Training Vouchers
£ 1,525Alumni Gold Tuition

Your Course Fee Entitles You To...

  • Class participation
  • Team workshops
  • Use of in-class hands-on equipment
  • Comprehensive course materials
  • Morning and afternoon refreshments
  • Lunch
  • Course Completion Certificate
  • FREE participation in the Learning Tree Professional Certification Programmes (including related exams)
  
 

Tuition Savings Plans

Flex-Training Pass
  • 3 Courses for £2 ,995
  • As little as £995
  • Savings as much as 50%
  • 3 courses in 24 months
10-Day Training Pass
  • Save as much as £770 per course
  • Any combination of courses
  • Only £2,695
Training Vouchers
  • Save as much as £681 per course
  • Fully transferable
  • As low as £1,314 per course
Alumni Gold Discount Attend your first course and you will receive a personalised Alumni Gold Discount card, entitling you to save as much as £200 on each course you take in the following 24 months. Take just one course every two years, and you will be entitled to ongoing discounts...year after year. You save 10%.
* Exact savings may vary depending on courses selected.

Your Guarantee of Satisfaction

Unless you feel 100% satisfied that Learning Tree delivered even more than you expected, there is no fee for your course attendance. Our Guarantee of Quality lets you experience the value of the course - and then pay only if you feel the course was well worth the fee.

Enrolling is Easy and Flexible!

Enrol by phone or online. If your plans change, just let us know and, without a fee, you can transfer to another course or cancel your enrollment. Pay after you've taken the course, and then only if you are 100% satisfied.
 
http://www.learningtree.co.uk/courses/uk940.htm