Call : (+91) 968636 4243
Mail : info@EncartaLabs.com

Securing Web Applications, Services and Servers

( Duration: 4 Days )

The Securing Web Applications, Services and Servers training course provides in-depth, hands-on experience for securing web-based applications and host servers.

By attending Securing Web Applications, Services and Servers workshop, delegates will learn to:

Implement and test secure web applications in their organization
Identify, diagnose and remediate the OWASP top ten web application security risks
Configure a web server to encrypt web traffic with HTTPS
Protect Ajax-powered applications and prevent JSON data theft
Secure XML web services with WS-Security

Those who have basic knowledge of web application and server operation and who want to implement, test and deploy secure web applications.

COURSE AGENDA

Setting the Stage

Defining threats to your web assets
Surveying the legal landscape and privacy issues

Establishing Security Fundamentals

Modeling web security
- Achieving Confidentiality, Integrity and Availability (CIA)
- Performing authentication and authorization
Encrypting and hashing
- Distinguishing public- and private-key cryptography
- Verifying message integrity

Augmenting Web Server Security

Configuring security for HTTP services
- Managing software updates
- Restricting HTTP methods
Securing communication with SSL/TLS
- Obtaining and installing server certificates
- Enabling HTTPS on the web server
Detecting unauthorized modification of content
- Configuring permissions correctly
- Scanning for file-system changes

Implementing Web Application Security

Employing OWASP resources
- The Open Web Application Security Project (OWASP) top ten
- Remediating identified vulnerabilities
Securing database and application interaction
- Uncovering and preventing SQL injection
- Defending against an insecure direct object reference
Managing session authentication
- Protecting against session ID hijacking
- Blocking cross-site request forgery
Controlling information leakage
- Displaying sanitized error messages to the user
- Handling request and page faults
Performing input validation
- Establishing trust boundaries
- Removing the threat of Cross-Site Scripting (XSS)
- Exposing the dangers of client-side validation
- Implementing robust server-side input validation with regular expressions

Enhancing Ajax Security

Ajax features
- Identifying core Ajax components
- Exchanging information asynchronously
Assessing risks and evaluating threats
- Managing unpredictable interactions
- Exposing JSON vulnerabilities

Securing XML Web Services

Diagnosing XML vulnerabilities
- Identifying non terminated tags and field overflows
- Uncovering web service weaknesses
Protecting the SOAP message exchange
- Validating input with an XML schema
- Encrypting exchanges with HTTPS
- Implementing WS-Security with a framework

Scanning Applications for Weaknesses

Operating and configuring scanners
- Matching patterns to identify faults
- “Fuzzing” to discover new or unknown vulnerabilities
Detecting application flaws
- Scanning applications remotely
- Finding vulnerabilities in web applications with OWASP and third-party penetration testing tools

Best Practices for Web Security

Adopting standards
- Reducing risk by implementing proven architectures
- Handling personal and financial data
Managing network security
- Modeling threats to reduce risk
- Integrating applications with your network architecture

Encarta Labs Advantage

One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
All courses are delivered by Industry Veterans
Get jumpstarted from newbie to production ready in a matter of few days

Trained more than 50,000 Corporate executives across the Globe
All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.

Top

Notice