Web Programming Security Training

Web Programming Security Training

Category:
Cyber Security Course/

Course Description

This course is developed as a resource for web application developers, testers, and the Information and Systems Security/Compliance department.

Are you a developer/student who is confused of the DOs/DON’Ts in secured web programming?

Well, we have a rather exhaustive list to keep things simple – from input validation to deploying cryptos, from identifying the vulnerabilities exhibiting by default configuration at the server end to validating at server side to adding newer headers; this course will cover a rather broad list of topics on secured web programming when you are developing web application.

Training Objectives

Security for web applications is no longer an option.

All websites deployed on the internet need to have security built in to ensure that they are not compromised either to get their data stolen or to be used as a launching pad against other websites.

What to expect

  • A training full of code samples, coding exercises and ideas on how to do defensible coding. 

What not to expect

  • A lot of theory about the formal way of coding for security. 

Pre-requisites  

  • Web Development experience

4 days

Day 1: What is a web application? Day 2: Authentication and Authorization
Security vs. Insecurity or the need for Security Hands On
HTTP Basics Secure Authentication and Authorization in Rails Framework
Cookies Session Management
Web Architecture Hands On
Interception Proxy Rails Session Storage – Cookies vs. Database
Hands On Data Validation
OWASP Top 10 2010 For Secure Development Hands-On Hands On
Injection Data Validation in Rails Model
Cross Site Scripting Default Type Validators
Broken Authentication and Session Management  Custom Validators
Insecure Direct Object Reference ActiveRecord Validation Hooks
Cross Site Request Forgery Interpreter Injection
Security Misconfiguration Hands On
Insecure Cryptographic Storage Input Validation and Output Encoding in Rails Framework
Failure to Restrict URL Access ActiveRecord ORM for Rails
Insufficient Transport Layer Protection Secure Custom Queries with ActiveRecord
Unvalidated Redirects and Forwards Canonicalization, Locale and Unicode
Hands On
Internationalization in Rails Framework
Error Handling, Auditing and Logging
Hands On
Rails Logger
Standard Logging
Unified Logging
Security Concerns in Logging
File System in detail
Hands On
Day 3 Day 4
Cryptography Securing File Upload
Ruby OpenSSL Library Database Security Basics
Ruby Secure Random Number Generator Basics of Cryptography for the Web and basics of TLS/SSL
Example of salted hashing in Rails Secure Hashing
Rails Application Data Management using ActiveAdmin HMAC for Integrity Verification
Web Server Basics Hashing and Salting and Newer better ways to store sensitive data
Infrastructure Security for Secure Development Security Response Headers
Secure Deployment of Rails Application CSP in Rails
Handling File Uploads
File Upload Managers for Rails

  • 64 bit Operating System like Windows 7+, Ubuntu Linux 12.04+, Mac OS X 10.8+
  • At least 4GB of RAM free on the system
  • 10 GB of Free Hard Disk Space
  • Network Connectivity or USB Ports for copying data

  • Ability to install Virtualization software like Virtualbox or VMWare Workstation Player
  • Ability to install software as per requirement with administrator privileges
  • Ability to disable security software if required so

Delivery: Part Time, face to face
Duration:
Frequency:
Contact hours:
Course Fees:
Assessment Modes:
Accreditation/Validation: NA
Entry Requirements: NA
Language Proficiency NA