OWASP
An Introduction to Web Application Security

If you have been defending web applications as a security engineer, or building them as a web developer following software development life cycle best practices, you have likely encountered or referenced the OWASP Top 10.

Designed first as an awareness mechanism, the Top 10 covers the most critical web application security flaws via consensus reached by a global consortium of application security experts. The OWASP Top 10 promotes managing risk via an application risk management program, in addition to awareness training, application testing, and remediation. Yet, to manage such risk as an application security practitioner or developer, an appropriate tool kit is necessary.

The training course will focus on the most common web application security problems, including the OWASP Top Ten. The course will introduce and demonstrate hacking techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code.

Course Outline

1. Introduction to Information Security – A Primer

  • Information Security versus IT Security
  • Why Assess and Measure Security?
  • The Threats – Hackers, Crackers, and Accidents
  • Security Assessments

2. The Anatomy of a Hack

  • Information Gathering
  • Research and Exploitation
  • Defacement, Backdoors, and Sniffing
  • Scrubbing and Covering the Tracks

3. What is OWASP?

4. Securing Web Applications

  • What are Web Applications?
  • Policy Frameworks
  • Secure Coding Principles
  • Threat Risk Modeling
  • Handling E-Commerce Payments
  • Phishing
  • Web Services
  • Cryptographic Primer

5. The Top 10 Vulnerability Areas

  • Injection
  • Cross Site Scripting (XSS)
  • Broken Authentication and Session Management
  • Insecure Direct Object References
  • Cross Site Request Forgery (CSRF)
  • Security Misconfiguration
  • Insecure Cryptographic Storage
  • Failure to Restrict URL Access
  • Insufficient Transport Layer Protection
  • Unvalidated Redirects and Forwards

6. Secure Coding Guidelines

7. OWASP Testing Framework

"Courses are updated with the current trends and technologies in information security which will be presented in our fully equipped training laboratory"


Who should attend?

Information Security Officers, Risk Managers, Security Analysts, Developers and those interested in understanding web application issues.


Duration: 3 days
Schedule: March 7 to 9, 2012
Time: 9am to 5pm
Venue: 1708 88 Corporate Center, 141 Sedeno St. corner Valero St., Salcedo Village, Makati City

Course Fee: Php 16,800.00 (Inclusive of VAT)


Course fee is inclusive of handouts, certificate, snacks and lunch.  Please make all checks payable to iMarket Events and Services, Inc.



For inquiries, please call Jennifer Chua 506-2048, 0922-8009754 or 0920-9490205.  You can also email us at jenniferchua@imarketevents.com and info@imarketevents.com.


Cancellation of registration should be made seven working days before the training date. Otherwise, 50% of the training fee shall be charged. A no-show during the training shall be charged 100% of the training fee.