Preferred method of contact:

Securing Web Applications, Services and Servers — GCHQ Certified Training

COURSE TYPE

Intermediate

Course Number

940

Duration

4 Days

PDF Add to WishList

Organizations must apply penetration testing tools to ensure the security of their web applications and limit their vulnerability against cyber attacks. In this web application security training course, you gain in-depth experience securing web services, and learn how to integrate robust security measures into the web application development process by adopting proven architectures and best practices.

You Will Learn How To

  • Implement and test secure web applications in your organisation
  • Identify, diagnose, and remediate the OWASP top ten web application security risks
  • Configure a web server to encrypt web traffic with HTTPS
  • Protect Ajax-powered applications and prevent JSON data theft
  • Secure XML web services with WS-Security

Important Course Information

GCHQ Certified Training and Exam Information:

  • This is a GCHQ Certified Training (GCT) course. GCHQ Certified Training has been recognised for excellence by a UK Government developed cyber security scheme. GCT is part of the UK Government’s initiative to address the shortage of skilled cyber security professionals. The GCT scheme is underpinned by the industry respected IISP framework and assesses the quality of the course materials and the Instructors’ delivery of the course against GCHQ’s exacting standards.
  • Successful completion of the end of course exam will gain you an independent APMG-International GCT certification award.

Course Outline

  • Setting the Stage
  • Defining threats to your web assets
  • Surveying the legal landscape and privacy issues
  • Establishing Security Fundamentals

Modelling web security

  • Achieving Confidentiality, Integrity and Availability (CIA)
  • Performing authentication and authorisation

Encrypting and hashing

  • Distinguishing public– and private–key cryptography
  • Verifying message integrity
  • Augmenting Web Server Security

Configuring security for HTTP services

  • Managing software updates
  • Restricting HTTP methods

Securing communication with SSL/TLS

  • Obtaining and installing server certificates
  • Enabling HTTPS on the web server

Detecting unauthorised modification of content

  • Configuring permissions correctly
  • Scanning for file–system changes
  • Implementing Web Application Security

Employing OWASP resources

  • The Open Web Application Security Project (OWASP) top ten
  • Remediating identified vulnerabilities

Securing database and application interaction

  • Uncovering and preventing SQL injection
  • Defending against an insecure direct object reference

Managing session authentication

  • Protecting against session ID hijacking
  • Blocking cross–site request forgery

Controlling information leakage

  • Displaying sanitised error messages to the user
  • Handling request and page faults

Performing input validation

  • Establishing trust boundaries
  • Removing the threat of Cross–Site Scripting (XSS)
  • Exposing the dangers of client–side validation
  • Implementing robust server–side input validation with regular expressions
  • Enhancing Ajax Security

Ajax features

  • Identifying core Ajax components
  • Exchanging information asynchronously

Assessing risks and evaluating threats

  • Managing unpredictable interactions
  • Exposing Ajax vulnerabilities
  • Securing XML Web Services

Diagnosing XML vulnerabilities

  • Identifying nonterminated tags and field overflows
  • Uncovering web service weaknesses

Protecting the SOAP message exchange

  • Validating input with an XML schema
  • Encrypting exchanges with HTTPS
  • Implementing WS–Security with a framework
  • Scanning Applications for Weaknesses

Operating and configuring scanners

  • Matching patterns to identify faults
  • "Fuzzing" to discover new or unknown vulnerabilities

Detecting application flaws

  • Scanning applications remotely
  • Finding vulnerabilities in web applications with OWASP and third–party penetration testing tools
  • Best Practices for Web Security

Adopting standards

  • Reducing risk by implementing proven architectures
  • Handling personal and financial data

Managing network security

  • Modelling threats to reduce risk
  • Integrating applications with your network architecture
Show complete outline
Show Less

Convenient Ways to Attend This Instructor-Led Course

Hassle-Free Enrolment: No advance payment required to reserve your seat.
Tuition Fee due 30 days after you attend your course.

In the Classroom

Live, Online

Private Team Training

In the Classroom — OR — Live, Online

Tuition Fee — Standard: £2095  

12 - 15 Dec (4 Days)
9:00 AM - 4:30 PM GMT
London / Online (AnyWare) London / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

3 - 6 Apr (4 Days)
9:00 AM - 4:30 PM BST
London / Online (AnyWare) London / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

24 - 27 Jul (4 Days)
9:00 AM - 4:30 PM BST
London / Online (AnyWare) London / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

13 - 16 Nov (4 Days)
9:00 AM - 4:30 PM GMT
London / Online (AnyWare) London / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

AFTERNOON START: Attend these live courses online via Anyware

19 - 22 Dec (4 Days)
2:00 PM - 9:30 PM GMT
Online (AnyWare) Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online

23 - 26 Jan (4 Days)
2:00 PM - 9:30 PM GMT
New York / Online (AnyWare) New York / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

13 - 16 Mar (4 Days)
1:00 PM - 8:30 PM GMT
Herndon, VA / Online (AnyWare) Herndon, VA / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

10 - 13 Apr (4 Days)
2:00 PM - 9:30 PM BST
Rockville, MD / Online (AnyWare) Rockville, MD / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

19 - 22 Jun (4 Days)
2:00 PM - 9:30 PM BST
Online (AnyWare) Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online

11 - 14 Sep (4 Days)
2:00 PM - 9:30 PM BST
Herndon, VA / Online (AnyWare) Herndon, VA / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

9 - 12 Oct (4 Days)
2:00 PM - 9:30 PM BST
Rockville, MD / Online (AnyWare) Rockville, MD / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

Guaranteed to Run

Show all dates
Show fewer dates

Private Team Training

Enroling at least 3 people in this course? Consider bringing this (or any course that can be custom designed) to your preferred location as a private team training.

For details, call 0800 282 353 or Click here »

Tuition Fee

Standard

In Classroom or
Online

Standard

£2095

Private Team Training

Contact Us »

Course Tuition Fee Includes:

After-Course Instructor Coaching
When you return to work, you are entitled to schedule a free coaching session with your instructor for help and guidance as you apply your new skills.

After-Course Computing Sandbox
You'll be given remote access to a preconfigured virtual machine for you to redo your hands-on exercises, develop/test new code, and experiment with the same software used in your course.

Free Course Exam
You can take your Learning Tree course exam on the last day of your course or online at any time after class and receive a Certificate of Achievement with the designation "Awarded with Distinction."

Prev
Next

Training Hours

Standard class hours:
9:00 a.m. - 4:30 p.m.

Last day class hours:
9:00 a.m. - 3:30 p.m.

Free Course Exam – Last Day:
3:30 p.m. - 4:30 p.m.

Each class day:
Informal discussion with instructor about your projects or areas of special interest:
4:30 p.m. - 5:30 p.m.

AFTERNOON START class hours:
2:00 p.m. - 9:30 p.m.


Last day class hours:
2:00 p.m. - 8:30 p.m.


Free Course Exam – Last Day:
8:30 p.m. - 9:30 p.m.


Each class day:
Informal discussion with instructor about your projects or areas of special interest
9:30 p.m. - 10:30 p.m.

Enhance Your Credentials with Professional Certification

Learning Tree's comprehensive training and exam preparation guarantees that you will gain the knowledge and confidence to achieve professional certification and advance your career.

This course is approved by CompTIA for continuing education units (CEUs). For additional information and to confirm which courses are eligible towards your CompTIA certification, click here.

Learning Tree Courses mapped to the Industry respected IISP Skills Framework and assessed against the exacting standards of GCHQ. Read more ...

“Taking a Learning Tree system and network security course live, online via AnyWare was valuable to me because I did not have to make the long drive to class every day”.

- R. Scott, Business Analyst
CACI

Prev
Next
Chat Now

Please Choose a Language

Canada - English

Canada - Français