Web Application Security
Course Overview
This is the course to take if you have to defend web applications! The quantity and importance of data entrusted to web applications is growing, and defenders need to learn how to secure them. Traditional network defenses, such as firewalls, fail to secure web applications. DEV522 covers the OWASP Top 10 Risks and will help you better understand web application vulnerabilities, thus enabling you to properly defend your organization’s web assets. Mitigation strategies from an infrastructure, architecture, and coding perspective will be discussed alongside real-world applications of those strategies that have been proven to work. Testing for vulnerabilities will also be covered so that you can ensure your application is tested for the vulnerabilities discussed in class. To maximize the benefit for a wider range of audiences, the discussions in this course will be programming-language agnostic. Focus will be maintained on security strategies rather than coding-level implementation.
Course Details
The topics that will be covered include:
– Infrastructure security
– Server configuration
– Authentication mechanisms
– Application language configuration
– Application coding errors like SQL injection and cross-site scripting
– Cross-site request forgery
– Authentication bypass
– Web services and related flaws
– Web 2.0 and its use of web services
– XPath and XQuery languages and injection
– Business logic flaws
– Protective HTTP headers
Prerequisites
This class requires a basic understanding of web application technology and concepts such as HTML and JavaScript.