TECH TRAINING 6 – BUILDING SECURE WEB AND MOBILE APPLICATIONS
TRAINER: Jim Manico (VP of Security Architecture, Whitehat Security)
CAPACITY: 20 pax
SEATS LEFT: COURSE CANCELLED
DURATION: 2 days (14th & 15th October 2013)
COST (per pax): MYR4999 (early bird) / MYR5999 (non early-bird)
OVERVIEW
The major cause of web insecurity is insecure software development practices.
This highly intensive and interactive 2-day course provides essential application security training for web application, web service and mobile software developers and architects. The class is a combination of lecture, hands-on security testing and code review. Participants will not only learn the most common threats against applications, but more importantly they will also learn how to fix the problems and design secure web solutions via defense-based code samples and review.
This class will also highlight production-quality APIs from various languages, frameworks, and third-party libraries that provide production-quality and scalable security controls. The course focuses on Java and .NET programming, but any software developer building web applications will benefit. We provide free email support for life for all students. Digital copies of all courseware will be provided.
WHO SHOULD ATTEND
Any web application developer or architect, web security professionals and development managers who are tasked with building secure web applications, web services and mobile applications.
KEY LEARNING OBJECTIVES
- How to build injection-safe server-side applications
- How to build modern access control functionality for multi-tenant data-driven applications
- How to build an injection-safe user interface
- How to build a secure authentication mechanism
- How to store passwords securely
- How to build multi-factor authentication mechanisms
- Understanding the limits of HTTPS and what to do about it
- How to implement multi-layered CSRF protection
- How to implement modern security HTTP headers
- How to implement modern symmetric cryptographic storage
- How to implement asymmetric crypto for encryption and non-repudiation
- How to build security into various stages of the SDLC
- How to build a secure mobile application
- How to build a secure REST web service
COURSE AGENDA
DAY 1 (MORNING)
HTTP Basics and Introduction to Application Security
Input Validation
SQL and other Injection
DAY 1 (AFTERNOON)
Access Control Design
XSS Defense
Advanced XSS Defense
DAY 2 (MORNING)
Authentication and Session Management
CSRF/Clickjacking Defense
Secure SDLC and Security Architecture
DAY 2 (AFTERNOON)
Cryptographic Storage
Mobile Security Basics
Web Service Security