Upcoming Events
August
- SANS Boston 2008, Boston, MA, August 9 - August 17, 2008
September
- SANS@Home - Security 522 - Tanya Baccam, SANS@Home SEC522-20080909, VA, September 9 - September 25, 2008
- Community SANS London 2008, London, GB, September 20 - September 27, 2008
- SANS Network Security 2008, Las Vegas, NV, September 28 - October 6, 2008
December
- SANS Cyber Defense Initiative 2008, Washington, DC, December 10 - December 16, 2008
Security 422 ::
Web Application Security Essentials (formerly SEC522)
Overview
Web Application Security Essentials is a three-day, hands-on, action-packed course covering defensive strategies for Web applications against current and future attacks. This course will help you understand the fundamental reasons behind Web vulnerabilities, which will in turn enable you to properly defend your organization's Web assets. Mitigation strategies from an infrastructure, architecture, and coding perspective are discussed alongside real-world implementations that work in practice. The key security problem areas of Web applications are covered, as well as newer technology areas such as AJAX and Web Services.
To maximize the benefit for a wide range of audiences, the discussions in this course are programming-language agnostic. The focus is on security strategies rather than coding-level implementation. This course is intended for anyone tasked with implementing secure Web applications.
Web Application Security Essentials is particularly well suited to application security analysts, developers, application architects, penetration testers who are interested in recommending proper mitigations for security issues, and infrastructure security professionals who have an interest in better defending their Web applications.
Who Should Attend
- Web Application Developers
- Application Architects
- Application Security Analysts
- Penetration Testers who are interested in recommending proper mitigations to security issues
Topics Covered
- Securing web application infrastructures
- Cryptography
- Authentication
- Access control
- Session mechanism protection
- Web application logging
- Input issues and proper validation
- SQL Injection Defense
- Cross-Site Scripting Defense
- Phishing Defense
- HTTP Response Splitting and Defense
- Cross-Site Request Forgery Defense
- AJAX Security
- Web Services Security
Laptop
Students attending this course are required to bring their own, properly configured laptops. There is not enough time in class to help you set up your laptop; it must be fully installed and configured before you come to class.
Minimum hardware requirement:
- 1GHz processor
- 512MB RAM (1GB highly recommended)
- 3GB free hard disk space
- CD ROM drive
- An unused USB slot
A laptop with Windows 2000 or XP is required, with the latest Service Packs and patches applied. Install the Microsoft .NET Framework runtime on the laptop. We will NOT be developing code on the .NET Framework, but some of the tools used in class require it. Please install VMware Player or VMware Workstation on the laptop (GSX and ESX will not work). VMware Player can be downloaded for free at www.vmware.com.
At the beginning of class, you will be given a bootable Linux CD. This CD is booted inside VMware as a virtual machine. You must be able to disable the host firewall (the Windows firewall or any third-party firewall) and the anti-virus software running on your laptop, which usually means you need administrative privileges on the machine. The Windows host and the Linux guest need to talk to each other over the VMware network interface; a firewall that blocks this communication will cause some of the exercises to fail.