This Full Stack Cybersecurity Training for Web Apps and Services course provides in-depth, hands-on experience securing Web-based applications and their servers. You will gain in-depth experience securing web services and learn how to integrate robust security measures into the web application development process by adopting proven architectures and best practices.
This web service security course includes the OWASP top 10 most critical web application security risks and how to remediate them.
Securing Web Applications, Services and Servers Training Delivery Methods
Securing Web Applications, Services and Servers Training Course Information
In this training, you will learn about the following:
- Implement and test secure web applications in your organization
- Identify, diagnose, and remediate the OWASP top ten web application security risks
- Configure a web server to encrypt web traffic with HTTPS
- Protect Ajax-powered applications and prevent JSON data theft
- Secure XML web services with WS-Security
Prerequisites
Basic knowledge of Web application operation and Web server administration is assumed. For example, you should understand Web browser/server operation, session management and basic HTML. In addition, experience with server-side Web application development and security knowledge is helpful.
Securing Web Applications, Services and Servers Training Outline
- Defining threats to your web assets
- Surveying the legal landscape and privacy issues
Modeling web security
- Achieving Confidentiality, Integrity and Availability (CIA)
- Performing authentication and authorization
Encrypting and hashing
- Distinguishing public– and private–key cryptography
- Verifying message integrity
Configuring security for HTTP services
- Managing software updates
- Restricting HTTP methods
Securing communication with SSL/TLS
- Obtaining and installing server certificates
- Enabling HTTPS on the web server
Detecting unauthorized modification of content
- Configuring permissions correctly
- Scanning for file–system changes
Employing OWASP resources
- The Open Web Application Security Project (OWASP) top ten
- Remediating identified vulnerabilities
Securing database and application interaction
- Uncovering and preventing SQL injection
- Defending against an insecure direct object reference
Managing session authentication
- Protecting against session ID hijacking
- Blocking cross-site request forgery
Controlling information leakage
- Displaying sanitized error messages to the user
- Handling requests and page faults
Performing input validation
- Establishing trust boundaries
- Removing the threat of Cross-Site Scripting (XSS)
- Exposing the dangers of client-side validation
- Implementing robust server-side input validation with regular expressions
Ajax features
- Identifying core Ajax components
- Exchanging information asynchronously
Assessing risks and evaluating threats
- Managing unpredictable interactions
- Exposing Ajax vulnerabilities
Diagnosing XML vulnerabilities
- Identifying nonterminated tags and field overflows
- Uncovering web service weaknesses
Protecting the SOAP message exchange
- Validating input with an XML schema
- Encrypting exchanges with HTTPS
- Implementing WS–Security with a framework
Operating and configuring scanners
- Matching patterns to identify faults
- "Fuzzing" to discover new or unknown vulnerabilities
Detecting application flaws
- Scanning applications remotely
- Finding vulnerabilities in web applications with OWASP and third-party penetration testing tools
Adopting standards
- Reducing risk by implementing proven architectures
- Handling personal and financial data
Managing network security
- Modeling threats to reduce risk
- Integrating applications with your network architecture
