
Securing Web Applications, Services and Servers

COURSE TYPE

Practitioner

Course Number

940

Duration

4 Days


About This Course: Cyber security is a serious challenge today as attackers specifically target web application vulnerabilities. As a result, organizations must integrate robust security measures into the web application development process. This course provides in-depth, hands-on experience securing web-based applications and host servers.

You Will Learn How To

  • Implement and test secure web applications in your organization
  • Identify, diagnose and remediate the OWASP top ten web application security risks
  • Configure a web server to encrypt web traffic with HTTPS
  • Protect Ajax-powered applications and prevent JSON data theft
  • Secure XML web services with WS-Security

Course Outline

Setting the Stage

  • Defining threats to your web assets
  • Surveying the legal landscape and privacy issues

Establishing Security Fundamentals

Modeling web security

  • Achieving Confidentiality, Integrity and Availability (CIA)
  • Performing authentication and authorization

Encrypting and hashing

  • Distinguishing public- and private-key cryptography
  • Verifying message integrity

Augmenting Web Server Security

Configuring security for HTTP services

  • Managing software updates
  • Restricting HTTP methods

Securing communication with SSL/TLS

  • Obtaining and installing server certificates
  • Enabling HTTPS on the web server

Detecting unauthorized modification of content

  • Configuring permissions correctly
  • Scanning for file-system changes

Implementing Web Application Security

Employing OWASP resources

  • The Open Web Application Security Project (OWASP) top ten
  • Remediating identified vulnerabilities

Securing database and application interaction

  • Uncovering and preventing SQL injection
  • Defending against an insecure direct object reference

Managing session authentication

  • Protecting against session ID hijacking
  • Blocking cross-site request forgery

Controlling information leakage

  • Displaying sanitized error messages to the user
  • Handling request and page faults

Performing input validation

  • Establishing trust boundaries
  • Removing the threat of Cross-Site Scripting (XSS)
  • Exposing the dangers of client-side validation
  • Implementing robust server-side input validation with regular expressions

Enhancing Ajax Security

Ajax features

  • Identifying core Ajax components
  • Exchanging information asynchronously

Assessing risks and evaluating threats

  • Managing unpredictable interactions
  • Exposing Ajax vulnerabilities

Securing XML Web Services

Diagnosing XML vulnerabilities

  • Identifying nonterminated tags and field overflows
  • Uncovering web service weaknesses

Protecting the SOAP message exchange

  • Validating input with an XML schema
  • Encrypting exchanges with HTTPS
  • Implementing WS-Security with a framework

Scanning Applications for Weaknesses

Operating and configuring scanners

  • Matching patterns to identify faults
  • "Fuzzing" to discover new or unknown vulnerabilities

Detecting application flaws

  • Scanning applications remotely
  • Finding vulnerabilities in web applications with OWASP and third-party penetration testing tools

Best Practices for Web Security

Adopting standards

  • Reducing risk by implementing proven architectures
  • Handling personal and financial data

Managing network security

  • Modeling threats to reduce risk
  • Integrating applications with your network architecture

Course Schedule

Attend this live, instructor-led course In-Class or Online via AnyWare.

Hassle-Free Enrollment: No advance payment required.
Tuition due 30 days after your course.

  • Dec 19 - 22: New York/AnyWare
  • Jan 17 - 20: Toronto/AnyWare
  • Jan 31 - Feb 3: Alexandria, VA/AnyWare
  • Feb 21 - 24: Ottawa/AnyWare
  • Mar 14 - 17: Herndon, VA/AnyWare
  • Apr 11 - 14: Rockville, MD/AnyWare
  • Jul 18 - 21: Alexandria, VA/AnyWare
  • Jul 25 - 28: New York/AnyWare
  • Aug 22 - 25: AnyWare
  • Aug 29 - Sep 1: Ottawa/AnyWare
  • Sep 12 - 15: Herndon, VA/AnyWare
  • Oct 10 - 13: Rockville, MD/AnyWare

Guaranteed to Run


Bring this Course to Your Organization and Train Your Entire Team
For more information, call 1-888-843-8733 or click here

Tuition

Standard

$2990

Government

$2659

Course Tuition Includes:

After-Course Instructor Coaching
When you return to work, you are entitled to schedule a free coaching session with your instructor for help and guidance as you apply your new skills.

After-Course Computing Sandbox
You'll be given remote access to a preconfigured virtual machine for you to redo your hands-on exercises, develop/test new code, and experiment with the same software used in your course.

Free Course Exam
You can take your course exam on the last day of your course and receive a Certificate of Achievement with the designation "Awarded with Distinction."


Questions

Call 1-888-843-8733 or click here »

An experienced training advisor will happily answer any questions you may have and alert you to any tuition savings to which you or your organization may be entitled.

Training Hours

Standard Course Hours: 9:00 am – 4:30 pm
*Informal discussion with instructor about your projects or areas of special interest: 4:30 pm – 5:30 pm


FREE Online Course Exam (if applicable) – Last Day: 3:30 pm – 4:30 pm
By successfully completing your FREE online course exam, you will:

  • Have a record of your growth and learning results.
  • Bring proof of your progress back to your organization
  • Earn credits toward industry certifications (if applicable)
  • Make progress toward one or more Learning Tree Specialist & Expert Certifications (if applicable)

Enhance Your Credentials with Professional Certification

Learning Tree's comprehensive training and exam preparation guarantees that you will gain the knowledge and confidence to achieve professional certification and advance your career.

This course is approved by CompTIA for continuing education units (CEUs). For additional information and to confirm which courses are eligible towards your CompTIA certification, click here.

Earn 23 Credits from NASBA

This course qualifies for 23 CPE credits from the National Association of State Boards of Accountancy CPE program.

“Taking a security course live, online via AnyWare was valuable to me because I did not have to make the long drive to class every day. I was better able to focus on the class instead of dealing with the frustrations of the commute.”

- R. Scott, Business Analyst
CACI
