This course explores risk management in Web applications, identifying and classifying weaknesses, and strategies for developing secure Web applications.
The Internet is an integral part of most organizations today, but this widely used public network is also the source of data theft, cyberstalking, and many other threats. Organizations with a significant Web presence, such as e-commerce sites, must ensure their Web applications are as secure as possible. This Web-based course is designed for IT professionals who manage Web servers or are involved with application development projects. The course offers access to online resources including texts, lectures, and virtual labs that duplicate real-world scenarios. Qualified instructors are available to answer questions about the content and theory.
To begin, you will learn how to perform a post-mortem review of a data breach incident. You will actually perform a live brute force attack on a virtual Web server and configure tcpdump to capture traffic on the server while the attack is occurring. You will also dissect HTTP header information and use Webalizer, a Web analysis tool, to investigate statistics gathered from Web logs. Next, you will learn about the 10 most critical Web application security risks as determined by the Open Web Application Security Project (OWASP). Then you will use the Damn Vulnerable Web Application (DVWA) to perform some of the most common Web application attacks: a brute force attack, a cross-site request forgery (CSRF) attack, a file inclusion (upload) attack, an SQL injection attack, and a cross-site scripting (XSS) attack. Finally, you will explore the OWASP Web site and review its Web application test methodology.
Learning Objectives
- Compare and contrast Web-based risks.
- Analyze common Web site attacks, weaknesses, and security best practices.
- Describe the attributes and qualities of secure coding practices.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Software Development