Securing Web Applications, Services and Servers Training

Certification
N/A
Qualification level
N/A
Location
Live/Online
Study type
Distance learning
Duration
View Website
Price
View Website

About the course

This Securing Web Applications, Services & Servers course provides in-depth, hands-on experience securing Web-based applications and the servers they run on. You will gain in-depth experience securing web services, and learn how to integrate robust security measures into the web application development process by adopting proven architectures and best practises.

This web service security course includes the OWASP top 10 most critical web application security risks and how to remediate them.

 

Key Features of this Web Service Security Training:

  • After-course instructor coaching benefit
  • Learning Tree end-of-course exam included
  • After-course computing sandbox included

You Will Learn How To:

  • Implement and test secure web applications in your organisation
  • Identify, diagnose, and remediate the OWASP top ten web application security risks
  • Configure a web server to encrypt web traffic with HTTPS
  • Protect Ajax-powered applications and prevent JSON data theft
  • Secure XML web services with WS-Security

 

Important Web Service Security Course Information

Recommended Experience

Basic knowledge of Web application operation and Web server administration are assumed. You should have knowledge at the level of Course 470, Developing a Website. For example, you should have an understanding of Web browser/server operation, session management and basic HTML. In addition, experience with server-side Web application development and security knowledge is helpful.

 

Web Service Security Course Outline

Setting the Stage

  • Defining threats to your web assets
  • Surveying the legal landscape and privacy issues

 

Establishing Security Fundamentals

Modelling web security

  • Achieving Confidentiality, Integrity and Availability (CIA)
  • Performing authentication and authorisation

Encrypting and hashing

  • Distinguishing public– and private–key cryptography
  • Verifying message integrity

 

Augmenting Web Server Security

Configuring security for HTTP services

  • Managing software updates
  • Restricting HTTP methods

Securing communication with SSL/TLS

  • Obtaining and installing server certificates
  • Enabling HTTPS on the web server

Detecting unauthorised modification of content

  • Configuring permissions correctly
  • Scanning for file–system changes

 

Implementing Web Application Security

Employing OWASP resources

  • The Open Web Application Security Project (OWASP) top ten
  • Remediating identified vulnerabilities

Securing database and application interaction

  • Uncovering and preventing SQL injection
  • Defending against an insecure direct object reference

Managing session authentication

  • Protecting against session ID hijacking
  • Blocking cross–site request forgery

Controlling information leakage

  • Displaying sanitized error messages to the user
  • Handling request and page faults

Performing input validation

  • Establishing trust boundaries
  • Removing the threat of Cross–Site Scripting (XSS)
  • Exposing the dangers of client–side validation
  • Implementing robust server–side input validation with regular expressions

 

Enhancing Ajax Security

Ajax features

  • Identifying core Ajax components
  • Exchanging information asynchronously

Assessing risks and evaluating threats

  • Managing unpredictable interactions
  • Exposing Ajax vulnerabilities

 

Securing XML Web Services

Diagnosing XML vulnerabilities

  • Identifying nonterminated tags and field overflows
  • Uncovering web service weaknesses

Protecting the SOAP message exchange

  • Validating input with an XML schema
  • Encrypting exchanges with HTTPS
  • Implementing WS–Security with a framework

 

What is web service security?

Applies security to web services. It is an extension to SOAP and a member of the web service specifications.

 

Can I learn web service security online?

Yes! We know your busy work schedule may prevent you from getting to one of our classrooms which is why we offer convenient online training to meet your needs wherever you want. This course is available in class and live online.

 

 

Contact the course provider: