Defensive Web Application Development

This course is designed to help web application developers understand the different threat surfaces a web application faces. It equips professionals to identify and mitigate the different types of vulnerabilities introduced during web application development.

Prerequisites: Knowledge of modern web application development.

Below is the detailed courseware syllabus:

| Module | Topics | Subtopics |
|---|---|---|
| 1. | Web Basics and Authentication Security | HTTP basics, Overview of web technologies, Web application architecture, Recent attack trends, Authentication vulnerabilities and defense, Authorization vulnerabilities and defense |
| 2. | Web Application Common Vulnerabilities and Mitigations | SSL vulnerabilities and testing, Proper encryption use in web application, Session vulnerabilities and testing, Cross Site Request Forgery, Business logic flaws and Concurrency, Input related flaws and related defense, SQL Injection vulnerabilities, testing and defense |
| 3. | Proactive Defense and Operation Security | Cross Site Scripting vulnerability and defenses, Web environment configuration security, Intrusion detection in web application, Incident handling and Honey token |
| 4. | AJAX and Web Services Security | Web services overview, Security in parsing of XML, XML security, AJAX technologies overview, AJAX attack trends and common attacks, AJAX defense |
| 5. | Cutting Edge Web Security | Clickjacking, DNS rebinding, Flash security, Java applet security, Single sign-on solution and security, IPv6 impact on web security |
| 6. | Capture & Defend the Flag Exercise | Mitigation of server configuration errors, Discovering and mitigating coding problems, Testing business logic issues and fixing problems, Web services testing and security problem mitigation |
| 7. | Live Web Application Project | |