Defensive Web Application Development
This course is designed to help web application developers understand the different threat surfaces a web application faces. It equips professionals to identify and mitigate the different types of vulnerabilities introduced during web application development.
Prerequisites: Knowledge of modern web application development.
The detailed courseware syllabus is below:
| No. | Module | Topics |
|---|---|---|
| 1. | Web Basics and Authentication Security | HTTP basics, Overview of web technologies, Web application architecture, Recent attack trends, Authentication vulnerabilities and defense, Authorization vulnerabilities and defense |
| 2. | Web Application Common Vulnerabilities and Mitigations | SSL vulnerabilities and testing, Proper encryption use in web application, Session vulnerabilities and testing, Cross Site Request Forgery, Business logic flaws and Concurrency, Input related flaws and related defense, SQL Injection vulnerabilities, testing and defense |
| 3. | Proactive Defense and Operation Security | Cross Site Scripting vulnerability and defenses, Web environment configuration security, Intrusion detection in web application, Incident handling and Honey token |
| 4. | AJAX and Web Services Security | Web services overview, Security in parsing of XML, XML security, AJAX technologies overview, AJAX attack trends and common attacks, AJAX defense |
| 5. | Cutting Edge Web Security | Clickjacking, DNS rebinding, Flash security, Java applet security, Single sign-on solution and security, IPv6 impact on web security |
| 6. | Capture & Defend the Flag Exercise | Mitigation of server configuration errors, Discovering and mitigating coding problems, Testing business logic issues and fixing problems, Web services testing and security problem mitigation |
| 7. | Live Web Application Project | |