Introduction to Web Application Security

Course Duration: 1 hour
Intended Audience: Security Professionals, Developers, Project Managers, Quality Assurance Staff

This course provides students with the basic concepts and terminology for understanding application security issues. It provides a definition of application-level security and demonstrates how these concerns extend beyond those of traditional infrastructure security. It also provides an explanation of common application security vulnerabilities such as SQL injection, Cross Site Scripting (XSS) and authorization issues. Armed with this knowledge, developers, QA testers and security personnel can understand and start to be able to address application-level threats.

Lesson 1: Intro & Concepts
Course Objectives: After completing this lesson, you should be able to:

  • Explain how intended application functionality differs from the intended functionality and how it is interesting to an attacker
  • Realize the potential for application inputs to be used as avenues for attack

Lesson 2: Real Case Studies - Notable Breaches
Course Objectives: After completing this lesson, you should be able to:

  • Appreciate the impact of poor security in production environments
  • Justify the mitigation effort to minimize exposed attack surfaces

Lesson 3: Application Attack Demonstration
Course Objectives: After completing this lesson, you should be able to:

  • Understand the approaches an attacker uses to find application-level vulnerabilities
  • Understand the potential for malicious use of features in a vulnerable application

Lesson 4: What is Application Security and Why is it Important?
Course Objectives: After completing this lesson, you should be able to:

  • Provide a working definition of application security
  • Provide explanations of the chief application security concerns: Confidentiality, Integrity and Availability
  • Explain why application security is important for organizations to address
  • Describe the roles that major regulatory requirements play in secure application development

Lesson 5: SQL Injection Activity
Course Objectives: After completing this lesson, you should be able to:

  • Understand the basics of an SQL Injection attack
  • Understand the potential impact of exploited SQL injection vulnerabilities
  • Understand the basics of protecting an application from injection attacks

Lesson 6: HTTP Basics
Course Objectives: After completing this lesson, you should be able to:

  • Explain the difference between GET and POST requests
  • Explain the Lifecycle of HTTP Requests
  • Explain the benefits and risks of session authentication over HTTP Basic authentication

Lesson 7: Cross-Site Scripting Activity
Course Objectives: After completing this lesson, you should be able to:

  • Describe the mechanics behind Cross-Site Scripting (XSS) vulnerabilities and attacks
  • Understand how XSS can abuse a user's trust
  • Understand the types of risks the exploitation of XSS vulnerabilities poses to web applications

On-Site Training Available

If e-Learning is not the best solution for your training needs, the creators of ThreadStrong also offer application security training in classroom format.

Register for an Online Demonstration or Contact Us for More Information.