Technical and Human Resources Training Courses for Corporate Programs

"This class was definitely one of the most directly applicable courses I have taken during my tenure at this company. VERY useful."


Course Title

Building & Testing Web Applications

2 days


Prerequisites


Participants should be familiar with HTTP and HTML.  Familiarity with JSP or ASP.NET is helpful but not required.

Description

This course guides the participant through the ten most critical web application security vulnerabilities as ranked in the OWASP Top Ten list (the 2007 edition, whose ten entries appear in the outline below).  For each item, the course explains the vulnerability, shows samples of the flaw, presents solutions that protect the application, and provides tests to check site security.  Because it covers the full Top Ten, the course addresses PCI DSS requirement 6.5, which requires that organizations "cover prevention of common coding vulnerabilities" in their software development processes.


Using a demonstration website seeded with vulnerabilities, together with the OWASP WebScarab intercepting proxy, participants work through the process of penetration testing and code inspection to identify flaws.

Outline/Table of Contents

Overview of the OWASP Project

Using Test Tools

·         Overview

·         WebScarab

Top Ten

·         Cross Site Scripting

·         Injection Flaws

·         Malicious File Execution

·         Insecure Direct Object Reference

·         Cross Site Request Forgery

·         Information Leakage & Improper Error Handling

·         Broken Authentication & Session Management

·         Insecure Cryptographic Storage

·         Insecure Communications

·         Failure to Restrict URL Access

Securing Web Applications

·         Software Development Lifecycle

·         Web Application Security

·         The Security Perimeter

Top Ten Summary

·         About the List

·         PCI Standards

·         Vulnerabilities no longer on the OWASP List

·         Mapping

Cross Site Scripting (XSS)

·         XSS Example

·         Types of Attack

·         Detecting

·         How-To

Injection Flaws

·         Injection Example, Detection & How-To

·         Possible Solution

·         Malicious File Execution

Insecure Direct Object Reference

·         Verification & Prevention

Cross Site Request Forgery  (CSRF)

Information Leakage & Improper Error Handling

·         Vulnerability

·         Verification

·         Protection

·         JSP Specifics

Broken Authentication & Session Management

·         Vulnerability

·         Testing

·         Protection

·         JSP Specific Issues

Insecure Cryptographic Storage

·         Vulnerability

·         Protection

·         Java/JSP

Insecure Communications

·         Vulnerability

·         Protection

Failure to Restrict URL Access

·         Vulnerability

·         Verification

·         Protection

·         JSP Specific

Input Validation Techniques


Phone: 972-404-0069   www.beacontraining.com