$950.00 On-Demand Learning

Overview

Course Includes:

  • Individual Course Access
  • Course Video
  • E-Workbook
  • E-Prep & Lab Guide
  • Exam
  • 2 Week Cyber Range
  • 1 Year Exam Voucher

Prerequisites:

  • A minimum of 24 months’ experience in software technologies & security
  • Sound knowledge of networking
  • At least one coding language
  • Linux understanding
  • Open shell

Student Materials:

  • Student Workbook
  • Student Lab Guide
  • Exam Prep Guide

Certification Exam:

Mile2’s CSWAE-Certified Secure Web Application Engineer

CPEs: 32 Hours

Who Should Attend?

  • Coders
  • Web Application Engineers
  • IS Managers
  • Application Engineers
  • Developers
  • Programmers

Organizations and governments fall victim to internet-based attacks every day. In many cases, web attacks could be thwarted, but hackers, organized criminal gangs, and foreign agents are able to exploit weaknesses in web applications. The secure web programmer knows how to identify, mitigate and defend against all attacks through designing and building systems that are resistant to failure. The secure web application developer knows how to develop web applications that aren’t subject to common vulnerabilities, and how to test and validate that their applications are secure, reliable and resistant to attack.

The vendor-neutral Certified Secure Web Application Engineer certification provides the developer with a thorough and broad understanding of secure application concepts, principles, and standards. The student will be able to design, develop and test web applications that will provide reliable web services that meet functional business requirements and satisfy compliance and assurance needs. The Certified Secure Web Application Engineer course is delivered by high-level OWASP experts, and students can expect to obtain real-world security knowledge that enables them to recognize vulnerabilities, exploit system weaknesses and help safeguard against application threats.

This course will begin by providing the necessary architecture components to help us understand what technologies are being used under the hood so that we can make informed decisions when choosing a cloud vendor. We will then look at different types of cloud products, how they work, what they can do for us and how we can make informed decisions on the benefits of migrating to the cloud. We will also discuss the negatives, as there are many times one should not move to the cloud with certain types of data or when costs are too high. We will spend a lot of time on understanding security as it relates to our data including discussions on agreements with cloud vendors.

Description

Course Outline

  • Module 1: Web Application Security
  • Module 2: OWASP Top 10
  • Module 3: Threat Modeling & Risk Management
  • Module 4: Application Mapping
  • Module 5: Authentication and Authorization Attacks
  • Module 6: Session Management Attacks
  • Module 7: Application Logic Attacks
  • Module 8: Data Validation
  • Module 9: AJAX Attacks
  • Module 10: Code Review And Security Testing
  • Module 11: Web Application Penetration Testing
  • Module 12: Secure SDLC
  • Module 13: Cryptography

Lab Outline

  • Module 1: Environment Setup and Architecture
  • Module 2: OWASP TOP 2013: Session Management Attacks
  • Module 3: Threat Modeling
  • Module 4: Application Modeling and Analysis
  • Module 5: Authentication and Authorization Attacks
  • Module 6: Session Management Attacks
  • Module 9: AJAX Security
  • Module 10-1: Code Review
  • Module 10-2: Security Test Scripts
  • Module 10-3: Writing Java Secure Code
  • Annex 11: Alternative Labs
  • Lab 11-1 4: WebGoat & WebScarab
  • Lab 11-2: WebGoat – Cross-Site Request Forgery (CSRF)
  • Lab 11-3: Missing Function Level Access Control
  • Lab 11-4: Perform Forced Browsing Attacks