Securing Web Applications Overview is geared for web developers and technical stakeholders who need to produce secure web applications, integrating security measures into the development process from requirements to deployment and maintenance. This overview-level course explores core concepts and challenges in web application security, showcasing current, real-world examples that illustrate the potential consequences of not following these best practices. Go beyond theory and learn practical skills directly applicable to your work: ethical hacking, bug hunting, detection, and mitigation of threats to authentication and authorization functionalities. You'll understand the mechanics and threats of Cross-Site Scripting (XSS) and Injection attacks and comprehend the risks and mitigation strategies associated with XML processing, software uploads, and deserialization. The final portion of this course builds on the previously learned mechanics for building defenses by exploring how design and analysis can be used to build stronger applications from the beginning of the software lifecycle.
Learning Objectives
- Perform hacking and bug hunting in a safe and appropriate manner.
- Identify defect/bug reporting mechanisms within your organization.
- Set up and use various tools and techniques to determine a web application’s operational environment.
- Set up and use various tools and techniques to enumerate all aspects of a web application and its vulnerabilities.
- Work with specific tools for targeted vulnerabilities.
- Determine common mistakes that are made in bug hunting and vulnerability testing.
- Define concepts and terminology behind defensive, secure coding including the phases and goals of a typical exploit.
- Develop an appreciation for the need and value of a multilayered defense in depth.
- Determine potential sources for untrusted data.
- Distinguish the consequences for not properly handling untrusted data such as denial of service, cross-site scripting, and injections.
- Determine the existence and effectiveness of layered defenses by testing web applications with various attack techniques.
- Prevent and defend potential vulnerabilities associated with untrusted data.
- Confirm the vulnerabilities associated with authentication and authorization.
- Detect, attack, and implement defenses for authentication, authorization, functionality, and services, as well as XSS and Injection attacks.
- Describe the dangers and mechanisms behind Cross-Site Scripting (XSS) and Injection attacks.
- Assess the risks associated with XML processing, file uploads, and server-side interpreters and how to best eliminate or mitigate those risks.
- Comprehend the strengths, limitations, and use for tools such as code scanners, dynamic scanners, and web application firewalls (WAFs).
- Apply techniques and measures that can be used to harden web and application servers as well as other components in your infrastructure.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Competency Areas
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.