Web Programming Security Training

Web Programming Security Training

Category:
Cyber Security Course/

This course is developed as a resource for web application developers, testers, and the Information and Systems Security/Compliance department.

Are you a developer/student who is confused of the DOs/DON’Ts in secured web programming?

Well, we have a rather exhaustive list to keep things simple – from input validation to deploying cryptos, from identifying the vulnerabilities exhibiting by default configuration at the server end to validating at server side to adding newer headers; this course will cover a rather broad list of topics on secured web programming when you are developing web application.

cyber security

Training Objectives

Security for web applications is no longer an option.

All websites deployed on the internet need to have security built in to ensure that they are not compromised either to get their data stolen or to be used as a launching pad against other websites.

Course Description

What to expect  
A training full of code samples, coding exercises and ideas on how to do defensible coding.
What not to expect  
A lot of theory about the formal way of coding for security.
Pre-requisites  
Web Development experience

Duration

4 days

Table of Contents

Day 1: What is a web application?

  • Security vs. Insecurity or the need for Security
  • HTTP Basics
  • Cookies
  • Web Architecture
  • Interception Proxy
  • Hands On  
  • OWASP Top 10 2010 For Secure Development Hands-On
  • Injection
  • Cross Site Scripting
  • Broken Authentication and Session Management  
  • Insecure Direct Object Reference
  • Cross Site Request Forgery
  • Security Misconfiguration
  • Insecure Cryptographic Storage
  • Failure to Restrict URL Access
  • Insufficient Transport Layer Protection
  • Unvalidated Redirects and Forwards

Day 2: Authentication and Authorization

  • Hands On
  • Secure Authentication and Authorization in Rails Framework
  • Session Management
  • Hands On
  • Rails Session Storage – Cookies vs. Database
  • Data Validation
  • Hands On
  • Data Validation in Rails Model
  • Default Type Validators
  • Custom Validators
  • ActiveRecord Validation Hooks
  • Interpreter Injection
  • Hands On
  • Input Validation and Output Encoding in Rails Framework
  • ActiveRecord ORM for Rails
  • Secure Custom Queries with ActiveRecord
  • Canonicalization, Locale and Unicode
  • Hands On
  • Internationalization in Rails Framework
  • Error Handling, Auditing and Logging
  • Hands On
  • Rails Logger
  • Standard Logging
  • Unified Logging
  • Security Concerns in Logging
  • File System in detail
  • Hands On

Day 3

  • Cryptography
  • Ruby OpenSSL Library
  • Ruby Secure Random Number Generator
  • Example of salted hashing in Rails
  • Rails Application Data Management using ActiveAdmin
  • Web Server Basics
  • Infrastructure Security for Secure Development
  • Secure Deployment of Rails Application
  • Handling File Uploads
  • File Upload Managers for Rails

Day 4

  • Securing File Upload
  • Database Security Basics
  • Basics of Cryptography for the Web and basics of TLS/SSL
  • Secure Hashing
  • HMAC for Integrity Verification
  • Hashing and Salting and Newer better ways to store sensitive data
  • Security Response Headers
  • CSP in Rails

Hardware requirements

  • 64 bit Operating System like Windows 7+, Ubuntu Linux 12.04+, Mac OS X 10.8+
  • At least 4GB of RAM free on the system
  • 10 GB of Free Hard Disk Space
  • Network Connectivity or USB Ports for copying data

Software requirements

  • Ability to install Virtualization software like Virtualbox or VMWare Workstation Player
  • Ability to install software as per requirement with administrator privileges
  • Ability to disable security software if required so

Other Information

Delivery: Part Time, face to face
Duration:
Frequency:
Contact hours:
Course Fees:
Assessment Modes:
Accreditation/Validation: NA
Entry Requirements: NA
Language Proficiency NA