Web Programming Security Training

Category:

Course Description

This course is developed as a resource for web application developers, testers, and the Information and Systems Security/Compliance department.

Are you a developer/student who is confused of the DOs/DON’Ts in secured web programming?

Well, we have a rather exhaustive list to keep things simple – from input validation to deploying cryptos, from identifying the vulnerabilities exhibiting by default configuration at the server end to validating at server side to adding newer headers; this course will cover a rather broad list of topics on secured web programming when you are developing web application.

Training Objectives

Security for web applications is no longer an option.

All websites deployed on the internet need to have security built in to ensure that they are not compromised either to get their data stolen or to be used as a launching pad against other websites.

Course Description

What to expect

A training full of code samples, coding exercises and ideas on how to do defensible coding.

What not to expect

A lot of theory about the formal way of coding for security.

Pre-requisites

Web Development experience

Duration

4 days

Table of Contents

Day 1: What is a web application?	Day 2: Authentication and Authorization
Security vs. Insecurity or the need for Security	Hands On
HTTP Basics	Secure Authentication and Authorization in Rails Framework
Cookies	Session Management
Web Architecture	Hands On
Interception Proxy	Rails Session Storage – Cookies vs. Database
Hands On	Data Validation
OWASP Top 10 2010 For Secure Development Hands-On	Hands On
Injection	Data Validation in Rails Model
Cross Site Scripting	Default Type Validators
Broken Authentication and Session Management	Custom Validators
Insecure Direct Object Reference	ActiveRecord Validation Hooks
Cross Site Request Forgery	Interpreter Injection
Security Misconfiguration	Hands On
Insecure Cryptographic Storage	Input Validation and Output Encoding in Rails Framework
Failure to Restrict URL Access	ActiveRecord ORM for Rails
Insufficient Transport Layer Protection	Secure Custom Queries with ActiveRecord
Unvalidated Redirects and Forwards	Canonicalization, Locale and Unicode
	Hands On
	Internationalization in Rails Framework
	Error Handling, Auditing and Logging
	Hands On
	Rails Logger
	Standard Logging
	Unified Logging
	Security Concerns in Logging
	File System in detail
	Hands On
Day 3	Day 4
Cryptography	Securing File Upload
Ruby OpenSSL Library	Database Security Basics
Ruby Secure Random Number Generator	Basics of Cryptography for the Web and basics of TLS/SSL
Example of salted hashing in Rails	Secure Hashing
Rails Application Data Management using ActiveAdmin	HMAC for Integrity Verification
Web Server Basics	Hashing and Salting and Newer better ways to store sensitive data
Infrastructure Security for Secure Development	Security Response Headers
Secure Deployment of Rails Application	CSP in Rails
Handling File Uploads
File Upload Managers for Rails

Hardware Requirements

64 bit Operating System like Windows 7+, Ubuntu Linux 12.04+, Mac OS X 10.8+
At least 4GB of RAM free on the system
10 GB of Free Hard Disk Space
Network Connectivity or USB Ports for copying data

Software Requirements

Ability to install Virtualization software like Virtualbox or VMWare Workstation Player
Ability to install software as per requirement with administrator privileges
Ability to disable security software if required so

Other Information

Delivery:	Part Time, face to face
Duration:
Frequency:
Contact hours:
Course Fees:
Assessment Modes:
Accreditation/Validation:	NA
Entry Requirements:	NA
Language Proficiency	NA

Monday	8:30 am - 6:30 pm
Tuesday	8:30 am - 6:30 pm
Wednesday	8:30 am - 6:30 pm
Thursday	8:30 am - 6:30 pm
Friday	8:30 am - 6:30 pm
Saturday	Closed
Sunday	Closed