Preferred method of contact:

Securing Web Applications, Services and Servers

COURSE TYPE

Intermediate

Course Number

940

Duration

4 Days

PDF Add to WishList

Organizations must apply penetration testing tools to ensure the security of their web applications and limit their vulnerability against cyber attacks. In this training course, you gain in-depth experience securing web-based applications and host servers, and learn how to integrate robust security measures into the web application development process by adopting proven architectures and best practices.

You Will Learn How To

  • Implement and test secure web applications in your organization
  • Identify, diagnose, and remediate the OWASP top ten web application security risks
  • Configure a web server to encrypt web traffic with HTTPS
  • Protect Ajax-powered applications and prevent JSON data theft
  • Secure XML web services with WS-Security

Course Outline

  • Setting the Stage
  • Defining threats to your web assets
  • Surveying the legal landscape and privacy issues
  • Establishing Security Fundamentals

Modeling web security

  • Achieving Confidentiality, Integrity and Availability (CIA)
  • Performing authentication and authorization

Encrypting and hashing

  • Distinguishing public– and private–key cryptography
  • Verifying message integrity
  • Augmenting Web Server Security

Configuring security for HTTP services

  • Managing software updates
  • Restricting HTTP methods

Securing communication with SSL/TLS

  • Obtaining and installing server certificates
  • Enabling HTTPS on the web server

Detecting unauthorized modification of content

  • Configuring permissions correctly
  • Scanning for file–system changes
  • Implementing Web Application Security

Employing OWASP resources

  • The Open Web Application Security Project (OWASP) top ten
  • Remediating identified vulnerabilities

Securing database and application interaction

  • Uncovering and preventing SQL injection
  • Defending against an insecure direct object reference

Managing session authentication

  • Protecting against session ID hijacking
  • Blocking cross–site request forgery

Controlling information leakage

  • Displaying sanitized error messages to the user
  • Handling request and page faults

Performing input validation

  • Establishing trust boundaries
  • Removing the threat of Cross–Site Scripting (XSS)
  • Exposing the dangers of client–side validation
  • Implementing robust server–side input validation with regular expressions
  • Enhancing Ajax Security

Ajax features

  • Identifying core Ajax components
  • Exchanging information asynchronously

Assessing risks and evaluating threats

  • Managing unpredictable interactions
  • Exposing Ajax vulnerabilities
  • Securing XML Web Services

Diagnosing XML vulnerabilities

  • Identifying nonterminated tags and field overflows
  • Uncovering web service weaknesses

Protecting the SOAP message exchange

  • Validating input with an XML schema
  • Encrypting exchanges with HTTPS
  • Implementing WS–Security with a framework
  • Scanning Applications for Weaknesses

Operating and configuring scanners

  • Matching patterns to identify faults
  • "Fuzzing" to discover new or unknown vulnerabilities

Detecting application flaws

  • Scanning applications remotely
  • Finding vulnerabilities in web applications with OWASP and third–party penetration testing tools
  • Best Practices for Web Security

Adopting standards

  • Reducing risk by implementing proven architectures
  • Handling personal and financial data

Managing network security

  • Modeling threats to reduce risk
  • Integrating applications with your network architecture
Show complete outline
Show Less

Convenient Ways to Attend This Instructor-Led Course

Hassle-Free Enrollment: No advance payment required to reserve your seat.
Tuition due 30 days after you attend your course.

In the Classroom

Live, Online

Private Team Training

In the Classroom — OR — Live, Online

Tuition — Standard: $2990   Government: $2659

Jul 25 - 28 (4 Days)
9:00 AM - 4:30 PM EDT
New York / Online (AnyWare) New York / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

Aug 29 - Sep 1 (4 Days)
9:00 AM - 4:30 PM EDT
Ottawa / Online (AnyWare) Ottawa / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

Sep 12 - 15 (4 Days)
9:00 AM - 4:30 PM EDT
Herndon, VA / Online (AnyWare) Herndon, VA / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

Oct 10 - 13 (4 Days)
9:00 AM - 4:30 PM EDT
Rockville, MD / Online (AnyWare) Rockville, MD / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

Nov 6 - 9 (4 Days)
9:00 AM - 4:30 PM EST
Toronto / Online (AnyWare) Toronto / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

Dec 19 - 22 (4 Days)
9:00 AM - 4:30 PM EST
Online (AnyWare) Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online

Jan 23 - 26 (4 Days)
9:00 AM - 4:30 PM EST
New York / Online (AnyWare) New York / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

Feb 27 - Mar 2 (4 Days)
9:00 AM - 4:30 PM EST
Ottawa / Online (AnyWare) Ottawa / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

Mar 13 - 16 (4 Days)
9:00 AM - 4:30 PM EDT
Herndon, VA / Online (AnyWare) Herndon, VA / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

Apr 10 - 13 (4 Days)
9:00 AM - 4:30 PM EDT
Rockville, MD / Online (AnyWare) Rockville, MD / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

May 8 - 11 (4 Days)
9:00 AM - 4:30 PM EDT
Toronto / Online (AnyWare) Toronto / Online (AnyWare) Reserve Your Seat

How would you like to attend?

Live, Online
In-Class

Guaranteed to Run

Show all dates
Show fewer dates

Private Team Training

Enrolling at least 3 people in this course? Consider bringing this (or any course that can be custom designed) to your preferred location as a private team training.

For details, call 1-888-843-8733 or Click Here »

Tuition

Standard

Government

In Classroom or
Online

Standard

$2990

Government

$2659

Private Team Training

Contact Us »

Course Tuition Includes:

After-Course Instructor Coaching
When you return to work, you are entitled to schedule a free coaching session with your instructor for help and guidance as you apply your new skills.

After-Course Computing Sandbox
You'll be given remote access to a preconfigured virtual machine for you to redo your hands-on exercises, develop/test new code, and experiment with the same software used in your course.

Free Course Exam
You can take your course exam on the last day of your course and receive a Certificate of Achievement with the designation "Awarded with Distinction."

Prev
Next

Training Hours

Standard Course Hours: 9:00 am – 4:30 pm
*Informal discussion with instructor about your projects or areas of special interest: 4:30 pm – 5:30 pm

FREE Online Course Exam (if applicable) – Last Day: 3:30 pm – 4:30 pm
By successfully completing your FREE online course exam, you will:

  • Have a record of your growth and learning results
  • Bring proof of your progress back to your organization
  • Earn credits toward industry certifications (if applicable)

Enhance Your Credentials with Professional Certification

Learning Tree's comprehensive training and exam preparation guarantees that you will gain the knowledge and confidence to achieve professional certification and advance your career.

This course is approved by CompTIA for continuing education units (CEUs). For additional information and to confirm which courses are eligible towards your CompTIA certification, click here.

Earn 23 Credits from NASBA

This course qualifies for 23 CPE credits from the National Association of State Boards of Accountancy CPE program. Read more ...

“Taking a security course live, online via AnyWare was valuable to me because I did not have to make the long drive to class every day. I was better able to focus on the class instead of dealing with the frustrations of the commute.”

- R. Scott, Business Analyst
CACI

Prev
Next
Chat Now

Please Choose a Language

Canada - English

Canada - Français