Beschrijving

M2-CSWAE

Prerequisites

A student needs to meet the following prequisites in order to fully benefit from the course:

  • A minimum of 24 months’experience in software technologies & security
  • Sound knowledge of networking
  • Experience with at least one coding Language
  • Linux understanding
  • Open shell

Course outcome

Upon completion, Certified Secure Web Application Engineerstudents will be able to establish industry acceptable  auditing  standards  with  current  best  practices  and  policies.

Who should attend

This course was designed for the benefit of the following organization roles:

  • Coders
  • Web Application Engineers
  • IS Managers
  • Application Engineers
  • Developers/Programmers

Contents

  • Online Video
  • Electronic Book (Workbook/Lab guide)
  • Exam Prep Questions
  • Exam

Course outline

  • Module 1: Web Application Security
  • Module 2: OWASP TOP 10
  • Module 3: Threat Modeling & Risk Management
  • Module 4: Application Mapping
  • Module 5: Authentication and Authorisation attacks
  • Module 6: Session Management attacks
  • Module 7: Application Logic attacks
  • Module 8: Data Validation
  • Module 9: AJAX attacks
  • Module 10: Code Review and Security Testing
  • Module 11: Web Application Penetration Testing
  • Module 12: Secure SDLC
  • Module 13: Cryptography

Lab Outline

  • Module 1: Environment Setup and Architecture
  • Module 2: OWASP TOP 10 2013
  • Module 3: Threat Modeling 2
  • Module 4: Application Mapping & Analysis
  • Module 5: Authentication and Authorization attacks
  • Module 6: Session Management attacks
  • Module 9: AJAX Security
  • Module 10: Code Review and Security Testing
  • Lab 10-1: Code Review
  • Lab 10-2: Security Test Scripts
  • Lab 10-3: Writing Java Secure CodeAnnex 11: Alternatives Labs
  • Lab 11-1: WebGoat & Webscarab
  • Lab 11-2: WebGoat -Cross Site Request Forgery (CSRF)
  • Lab 11-3: Missing Function Level Access Control
  • Lab 11-4: Perform Forced Browsing Attacks

Short description

This course teaches the methodology, tools and best practices for assessing a website’s vulnerabilty to attacks. Furthermore, trainees will learn how to negate security weaknesses and assure service reliablility.

Expanded description

The Secure Web programmer knows how to identify, mitigate and defend against all attacks through designing and building systems that are resistant to failure. The secure web application developer knows how to develop web applications that aren’t subject to common vulnerabilities, and how to test and validate that their applications are secure, reliable and resistant to attack. The, vendor-neutral, Certified Secure Web Application Engineer, C)SWAE, certification provides the developer with a thorough and broad understanding of secure application concepts, principles, and standards. The student will be able to design, develop and test web applications that will provide reliable web services. Students will also learn to account for functional business requirements and satisfy compliance and assurance needs.

The C)SWAE course is delivered by high-level OWASP experts. Students can expect to obtain real-world security knowledge that enables them to recognize vulnerabilities, exploit system weaknesses and help safeguard against application threats. This course will begin by providing the necessary architecture components to help us understand what technologies are being used under the hood. This helps with making informed decisions when choosing a cloud vendor. We will then look at different types of cloud products, how they work, what they can do for us. Next we will adress how these factors impact the decisions on the benefits of migrating to the cloud. We will also discuss the negatives, as there are many times one should not move to the cloud with certain types of data or when costs are too high. We will spend a lot of time on understanding security as it relates to our data including discussions on agreements with cloud vendors.

 875,00 (excl. BTW)
Offerte aanvragen