Fundamentals of Web Application Defence

SQS is No. 1 in Software Quality Training. It is an ISTQB® Accredited Training Provider and, as a PLATINUM partner of ISTQB® (the international body responsible for certifying professionals in the field of software quality), it has an extensive training portfolio in this area, with the aim of training software quality professionals whose qualifications are recognised in the national and international markets.

Olisipo is the company responsible for promoting, managing and delivering this training portfolio in Portugal. SQS Academy prepares professionals for Official ISTQB® Certification (Certified Tester Foundation Level; Certified Tester Foundation Level – Agile Extension; Certified Tester Advanced Level, Test Manager; Certified Tester Advanced Level, Test Analyst; and Certified Tester Advanced Level, Technical Test Analyst).

See the SQS Academy 2018 Calendar

Overview

This one-day course is provided in association with our security experts from BSI, in the Cybersecurity and Information Resilience domain. With web applications becoming ubiquitous across every organisation, many are unaware of the potential risk they are exposing their organisation to by implementing insecure applications. Insecure web applications can result in customer data exposure or downtime of critical systems, leading to significant financial and reputational damage to the organisation. As web applications bring with them new avenues for attack, so too must organisations be trained to understand and address these new risks. Our 1-day Web Applications Security Testing course is an introduction to the common security risks within web applications, with a series of practical exercises that will equip delegates with the knowledge required to identify, test and correct any exposures.

Target Audience

Developer, Agile Tester, Security Testing Specialist 

Objectives

The objective of this programme is to reduce the risk to the organisation posed by web applications by educating delegates in secure design and development practices, allowing them to understand, identify and eliminate these new risks before they result in damage to the organisation.

Programme

This one-day course will cover the background to, and testing requirements for, the following software security issues:

Web Application Security

  • As applications become increasingly complex, the risk of vulnerabilities within web applications increases dramatically unless they are securely designed and developed.

Authentication

  • A discussion of common issues with authentication mechanisms.

Session Management

  • Maintaining session state is essential in all web applications. However, attackers can exploit bad session management practices to gain access or escalate privileges within the application.

Authorisation

  • Restricting access between users is increasingly important as web applications increase in complexity and functionality. Ensuring this segregation is critical in any web application.

Data Validation

  • All user input should be treated as insecure until sanitised or validated to not contain malicious content. This is one of the most important elements in web application security.

Information Disclosure

  • Comments and debugging information used by developers when troubleshooting issues can be a mine of information to potential attackers looking to understand the application and identify vulnerabilities.

Code Injection

  • Interpreters provide additional processing outside of the application. When user input is involved in generating the query, there exists the potential for an attacker to manipulate the logic. This includes such topics as SQL injection, command injection and cross-site scripting.

Cross-Site Scripting

  • In taking input from the user and sending it back to the browser without validation, the application is open to phishing and other scripting attacks that appear completely legitimate to the user.

Path Traversal

  • Allowing user input to view, upload or delete a file can compromise not just the application, but also the entire server.

OWASP Top Ten

  • The OWASP Top Ten outlines the ten most common web application security vulnerabilities. Reviewing your applications against the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organisat

Threat Modelling

  • These methods allow you to effectively find and address the threats and vulnerabilities your application is exposed to.

  • No. of Hours
    h
  • Price
    On request