McCullough & Associates | Training | Consulting

(972) 712-7103

Essential Web Application Security

Take this class

Click here to request this course on a different date.

Every day you hear new about a network breach and loss of valuable information.  While networks and operating system platforms are becoming more secure, custom application code presents huge vulnerabilities for attackers to exploit.  Regardless of whether you need PCI compliance, regulatory compliance, or simply want to protect your systems, this course is essential for your custom application developers.

This course is designed to satisfy section 6.5 of the PCI Data Security Standard, but is also critical for any developer of custom application code.  First, we provide an overview of the Open Web Application Security Project (OWASP) top 10, showing developers what the most common attacks are and how they are perpetrated.  Then, we provide concise recommendations on coding techniques to avoid the top 10 vulnerabilities as well as improving overall code quality.

Audience

This course is for experienced JSP or ASP.Net developers.

Length: 6 Hours

Outline

  • PCI Data Security Standard (DSS)
  • Overview of the OWASP Project
  • Secure Coding Principles
  • Top Ten
    • Injection Flaws
    • Broken Authentication and Session Management
    • Cross Site Scripting
    • Insecure Direct Object Reference
    • Security Misconfiguration
    • Sensitive Data Exposure
    • Missing Function Level Access Controls
    • Cross Site Request Forgery
    • Using Components with Known Vulnerabilities
    • Unvalidated Redirects & Forwards
  • Best Practices
  • Whitelist vs Blacklist
  • Regular Expressions
  • Validation points & Frameworks
  • Summary of E-Commerce Requirements
  • Managing Access – Authentication & Authorization
  • DREAD
  • Conclusion