Understanding Web Application Security: A Technical Overview

Course Details

Code: TT8020
Tuition (USD): $895.00 • Classroom (1 day)
GSA (USD): $811.58 • Classroom (1 day)

This course is essential application security training for technical leads, project managers, testing/QA personnel, and other stakeholders who need to understand the issues and concepts associated with secure web applications. You will learn the best practices for designing, implementing, and deploying secure web applications. You will cover current, real examples that illustrate the potential consequences of not following these best practices. You will leave this course armed with an understanding of software vulnerabilities, defenses for those vulnerabilities, and testing those defenses for sufficiency. You will be introduced to the most common security vulnerabilities faced by web applications today. Each vulnerability is examined through a process of describing the threat and attack mechanisms, the associated vulnerabilities, and designing, implementing, and testing effective defenses.

Skills Gained

  • Concepts and terminology behind defensive, secure coding
  • Magnitude of the problems associated with web application security and the potential risks associated with those problems
  • Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets
  • Consequences for not properly handling untrusted data (denial of service, cross-site scripting, and injections)
  • Vulnerabilities associated with authentication and authorization
  • Techniques and measures that can be used to harden web and application servers as well as other components in your infrastructure
  • Potential vulnerabilities and defenses for the processing of XML in web services and Ajax

Who Can Benefit

Web application project stakeholders who wish to develop well defended web applications


  • Minimum of two years working knowledge in IT
  • Basic understanding of web applications and the associated technologies
  • Actual development working knowledge is helpful but not required

Course Details


  • Misconceptions
  • Security Concepts
  • Defensive Coding Principles
  • Reality

Top Security Vulnerabilities

  • Unvalidated Input
  • Broken Access Control
  • Broken Authentication and Session Management
  • Cross Site Scripting (XSS/CSRF) Flaws
  • Injection Flaws
  • Error Handling and Information Leakage
  • Insecure Storage
  • Insecure Management of Configuration
  • Direct Object Access
  • Spoofing and Redirects

Defending XML Processing

  • Defending XML
  • Defending Web Services
  • Defending Ajax

What's Important

  • Prioritizing Your Efforts
  • Common Vulnerabilities and Exposures for 2011
  • OWASP Top Ten for 2010
  • CWE/SANS Top 25 Programming Errors
  • Monster Mitigations

Secure Software Development (SSD)

  • SSD Process
  • Applying Processes and Practices
  • Risk Analysis

Security Testing

  • Testing Principles
  • Reviews as a Form of Testing
  • Testing
  • Tools
  • Testing Practices