Training: RT330CZ
Essentials of Web Application Security V2.0
- IBM course
- course length: 1 day
- price: 12750 CZK
- category: IBM/rational
Upcoming dates:
The course is not scheduled in the near future.
Contact us and we will try to accommodate you.
Details:
This course is designed to educate Web developers, security auditors,
and quality assurance personnel about the Web application security
problem. You will learn about the most critical Web application security
vulnerabilities and ways to resolve them, as well as some best
practices for integrating Web application security in the software
development lifecycle (SDLC).
Intended audience:
This basic course is for:
- Web Developers
- Web Development Managers
- Quality Assurance Specialists
- Security Auditors
Prerequisites:
You should have:
- Basic Web development knowledge
- Hypertext Markup Language (HTML)
- Hypertext Transfer Protocol (HTTP)
What you will learn:
- Describe the Web application security problem
- Understand secure coding concepts
- Describe the Web Application Security Consortium (WASC) Threat Classifications
- Describe the Open Web Application Security Project (OWASP) Top Ten Web application security vulnerabilities
- Understand how simple exploits can be made
- Implement solutions to the discussed vulnerabilities
- Understand how Web application vulnerability testing can be implemented in the Software Development Life Cycle (SDLC)
- Understand how you can use threat modeling techniques such as DREAD (Damage, Reliability, Exploitability, Affected users, and Discoverability) and STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege) to help you identify and prioritize Web application vulnerabilities
Contents:
- The Web Application Security Problem
- Web Application Basics
- Common Secure Coding Concepts
- Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)
- SQL Injection
- Malicious File Execution and Insecure Direct Object Reference
- Information Leakage and Improper Error Handling
- Broken Authentication and Session Management
- Insecure Cryptographic Storage and Insecure Communications
- Failure to Restrict URL Access
- Integrating Application Security in your SDLC