Building Secure Web Applications

This course is taught using a combination of theory, practical examples, and hands-on training. It is designed to provide an overview of the fundamental principles of Web application security.

Course Objective
This session presents students with an understanding of:

• How web applications work
• How vulnerabilities manifest in them
• How hackers find and exploit these vulnerabilities
• Solutions for protecting Web applications

 

Secure Coding for Java Technologies

Once developers understand the basics, they are in a position to start learning more specific design and coding techniques for Java application security. This course approaches application security practices and associated vulnerabilities as part of nine domains. Trust Boundaries covers essential principles regarding the treatment of application inputs from any source. In the Authentication and Authorization domains, we discuss application approaches to verifying a user is who they claim to be, and that that user is allowed to do what they attempt to do. Input Validation covers approaches to validating application input as well as what inputs should be subject to validation. With Information and Error Handling, Non-Repudiation and Auditing, Data Protection, and Configuration and Deployment, we discuss a wide range of practices that apply to applications and web applications in general, as well as recommended approaches for more distinct application features. This course is alo available in a .NET security training version so that developers learn platform-specific concerns and countermeasures.

Domain 1: Trust Boundaries
Domain 2: Authentication
Domain 3: Authorization
Domain 4: Validation and Encoding
Domain 5: Information and Error Handling
Domain 6: Non-Repudiation and Auditing
Domain 7: Data Protection
Domain 8: Configuration and Deployment
Domain 9: Defense in Depth

 

Advanced Secure Coding for .NET

This highly practical, interactive course will focus on secure coding techniques and methodologies that can be immediately applied in your applications. The class uses real-world examples, walking through real code samples, using live, feature-rich applications, and showing how to hunt down, debug, and mitigate these flaws through better coding practices.

Course Objectives
security as a culture amongst the developers and will also include the following components:

• Review of the secure coding guidelines for .Net
• .Net specific features like anti-XSS library
• Illustrate how Web applications are attacked by hackers
• Show how these attacks work
• Show coding mistakes that make you vulnerable to attacks
• Demonstrate how to make your code secure

Contact

COE Security also offers on-site education sessions for groups. Public courses are also available to individuals in cities across the country. To find out more about COE Security training services, contact our corporate office at 1-855-263-7328.