• Online, Self-Paced
Course Description

This course explores risk management in Web applications, identifying and classifying weaknesses, and strategies for developing secure Web applications.

The Internet is an integral part of most organizations today, but this widely used public network is also the source of data theft, cyberstalking, and many other threats. Organizations with a significant Web presence, such as e-commerce sites, must ensure their Web applications are as secure as possible. This Web-based course is designed for IT professionals who manage Web servers or are involved with application development projects. The course offers access to online resources including texts, lectures, and virtual labs that duplicate real-world scenarios. Qualified instructors are available to answer questions about the content and theory.

To begin, you will learn how to perform a post-mortem review of a data breach incident. You will actually perform a live brute force attack on a virtual Web server and configure tcpdump to capture traffic on the server while the attack is occurring. You will also dissect HTTP header information and use Webalizer, a Web log analysis tool, to investigate statistics gathered from Web server logs. Next, you will learn about the 10 most critical Web application security risks as determined by the Open Web Application Security Project (OWASP), the OWASP Top 10. Then you will use the Damn Vulnerable Web Application (DVWA) to perform some of the most common Web application attacks: a brute force attack, a cross-site request forgery (CSRF) attack, a file inclusion/upload attack, an SQL injection attack, and a cross-site scripting (XSS) attack. Finally, you will explore the OWASP Web site and review its Web application test methodology.
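The first lab pairs a live brute force attack with tcpdump capture and Web log analysis. The following is an added example, not part of the course materials or of Webalizer, showing what a post-mortem of that attack looks like when done directly against the server's access log: it parses Apache combined-format lines, keeps only failed POSTs to the login path, and flags any client IP that produced a burst of failures inside a short time window. The log lines are constructed for the example, and the login path, the window, the threshold, and the assumption that a failed login returns HTTP 401 or 403 are all assumptions; an application that answers every login attempt with 200 (as DVWA's brute force page does) needs a body- or size-based failure signal instead.

```python
"""Detect a brute-force login burst in Apache combined-format access logs.

Added example for log-based post-mortem review; the sample log below is
constructed, and the login path / failure status codes / thresholds are
assumptions to adjust for the application under review.
"""
import re
from collections import defaultdict
from datetime import datetime

# One Apache "combined" log line: ip ident user [ts] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"   # e.g. 10/Oct/2023:13:55:36 +0000


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def find_bruteforce(lines, login_path="/login.php", window_s=60,
                    threshold=5, fail_status=(401, 403)):
    """Return {ip: max_failures_in_window} for clients whose failed login POSTs
    reached `threshold` within any `window_s`-second span. Unparseable lines
    are skipped rather than aborting the review."""
    failures = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]
        if rec["method"] == "POST" and path == login_path and rec["status"] in fail_status:
            failures[rec["ip"]].append(rec["ts"])

    flagged = {}
    for ip, times in failures.items():
        times.sort()
        # Sliding window: densest run of failures within window_s seconds.
        best, start = 0, 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_s:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged


# Constructed sample: one client hammering the login form, one legitimate user
# who mistypes once, plus a malformed line to show the parser tolerates noise.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login.php HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /login.php HTTP/1.1" 401 512 "-" "hydra"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /login.php HTTP/1.1" 401 512 "-" "hydra"
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "POST /login.php HTTP/1.1" 401 512 "-" "hydra"
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "POST /login.php HTTP/1.1" 401 512 "-" "hydra"
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "POST /login.php HTTP/1.1" 401 512 "-" "hydra"
203.0.113.7 - - [10/Oct/2023:13:55:42 +0000] "POST /login.php HTTP/1.1" 401 512 "-" "hydra"
203.0.113.7 - - [10/Oct/2023:13:55:43 +0000] "POST /login.php HTTP/1.1" 401 512 "-" "hydra"
203.0.113.7 - - [10/Oct/2023:13:55:44 +0000] "POST /login.php HTTP/1.1" 401 512 "-" "hydra"
198.51.100.23 - - [10/Oct/2023:13:56:01 +0000] "POST /login.php HTTP/1.1" 401 512 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2023:13:56:20 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
this line is not a valid access-log record
"""

if __name__ == "__main__":
    for ip, n in find_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {n} failed logins inside the window")
```

Run against a real log, the same function can be pointed at the file with `find_bruteforce(open("access.log"))`; compare its output with the tcpdump capture from the same window to confirm the source address was not rewritten by a proxy or load balancer, which is the usual reason an access-log review and a packet capture disagree.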

Learning Objectives

  • Compare and contrast Web-based risks.
  • Analyze common Web site attacks, weaknesses, and security best practices.
  • Describe the attributes and qualities of secure coding practices.

Framework Connections

The materials within this course focus on the Knowledge, Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.