Developer 319 :: Intro to Web Application Security
Overview
From a mere 26 Web servers operating in November 1992 to well over 100 million Web sites today, we have come a long way in Web technology over a short period of time. Today, almost every organization has its own Web site for conducting business transactions or other critical functions, and for many companies, their online presence has become a major revenue generator. As everyone jumps on the bandwagon to do business on the Web, many problems can arise that are directly related to the security of Web applications. The adage "where there is money, there is crime" proves true on a daily basis as we see credit cards and other financial data compromised through Web application vulnerabilities. And that is not even the full extent of the problem, because Web-based malware and worms are still spreading in the wild.
Intro to Web Application Security is a two-day hands-on, action-packed course covering the common vulnerabilities that are leveraged by attackers, the basic principles of securing Web applications, and basic testing techniques for detecting the vulnerabilities. This course will help you understand the mechanics of the components necessary for effective Web application security which will then enable you to properly defend your organization's assets. With the information you learn in this class, you will be able to perform basic security testing on Web applications as well as architect, design, and develop more secure Web applications.
This course is particularly well suited to developers, QA analysts, and infrastructure security professionals who have an interest in exploring the Web application security world.
Who Should Attend
- Security practitioners and managers
- Auditors
- QA analysts who want to learn the mechanics of Web applications for better testing
- IT infrastructure professionals who want a basic understanding of Web technologies and security issues
- Anyone interested in techniques for securing Web applications
Laptop
Laptop Required
Students attending this course are required to bring their own properly configured laptops. There is not enough time in class to help you set up your laptop; it must be properly installed and configured before you come to class.
Minimum hardware requirement:
- 1GHz processor
- 512MB RAM (1GB highly recommended)
- 3GB free hard disk space
- CD ROM drive
- An unused USB slot
A laptop with Windows 2000, XP, or Vista is required with the latest Service Packs and patches. Install the following software on the computer:
- Java Runtime Environment (JRE) - please download from http://www.sun.com
- Firefox browser (version 2) - DO NOT install version 3
- Microsoft .NET framework runtime 1.1 (some of the testing tools require it)
Please install VMware Player or VMware Workstation on the laptop. (GSX and ESX will not work.) VMware Player can be downloaded for free at http://www.vmware.com.
At the beginning of class you will be given a Linux bootable CD. This CD will be booted within VMware as a virtual image. You must have the ability to disable the host firewall (Windows firewall or other third-party firewall) and the anti-virus software running on your desktop. This usually means you need to have administrative privileges on the machine. The Windows host and Linux host need to talk to each other through the VMware network interface. A firewall could block that communication and cause some of the exercises to fail.





