Course Outline

IT Security and Secure Coding

  • Overview of information security principles
  • CIA triad: Confidentiality, Integrity, Availability
  • Common threats and threat modeling
  • Best practices for secure software development lifecycle (SSDLC)

Web Application Security

  • Understanding OWASP Top Ten and beyond
  • Authentication and session management flaws
  • Injection vulnerabilities (SQL, Command, LDAP, etc.)
  • Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)

Client-Side Security

  • DOM-based attacks and JavaScript-specific risks
  • Insecure use of AJAX and browser storage
  • Clickjacking and UI redressing
  • Content Security Policy (CSP) implementation

Practical Cryptography

  • Basic concepts: hashing, encryption, digital signatures
  • Public key vs. symmetric key cryptography
  • Transport Layer Security (TLS) basics
  • Key management and common crypto mistakes

Security of Web Services

  • SOAP and REST security considerations
  • Authentication mechanisms: OAuth, JWT, API keys
  • Common web service attacks and defenses
  • Input validation in service payloads

XML Security

  • XML injection and parsing attacks
  • Entity expansion and XXE vulnerabilities
  • Secure parsing techniques and libraries
  • Using XML Security standards (XML-DSig, XML-Enc)

Knowledge Sources and Security Tools

  • Recommended tools for security testing (e.g., OWASP ZAP, Burp Suite)
  • Code scanning and analysis tools
  • Online resources and security guidelines
  • How to stay updated with emerging threats

Summary and Next Steps

Requirements

  • An understanding of basic web application architecture
  • Experience with a programming language such as Java, C#, PHP, or JavaScript
  • Familiarity with client-server communication and HTTP

Audience

  • Developers
  • Web application architects
  • Security-conscious technical teams
 14 Hours

Number of participants


Price per participant

Testimonials (5)

Upcoming Courses

Related Categories