Secure Web Application Design
Foundations of Secure Web Application Design
Sydney, Melbourne 12 March 2009
Overview
The potential impact of the compromise of web application vulnerabilities to an organisation can be significant. As an increasing number of services become available online, organisations have an increased risk exposure if newly developed web applications don't provide an appropriate level of security. Given that the cost of security remediation post-implementation can be significant, it is essential for development projects to take heed of secure web application design guidelines.
Developed in line with the Open Web Application Security Project (OWASP) Guidelines, the Foundations of Secure Web Application Design course addresses design principles, coding standards and application security assurance.
The course will develop an understanding of security issues plaguing web applications, the impact that such application vulnerabilities may have on an organisation and how such vulnerabilities can be avoided through secure web-application design.
Prerequisites
- Knowledge of the Systems Development Life Cycle
- Understanding of a common web-application development language (e.g. JSP, ASP, PHP)
- An interest in learning about developing secure web-applications
Duration
Foundations of Secure Web Application Design is a 1 day course, running from 9.00am until 5.00pm. Contact us for information on scheduled dates.
Audience
This course provides coverage of security issues from an application developer's perspective. The course is intended for anyone involved in the application development life cycle, including:
- IT Managers & Project Managers;
- Quality Assurance Managers;
- System Testers;
- Software Engineers;
- System Architects;
- Security Managers & Analysts; and
- Internal IT Auditors.
What will you take away?
In order to understand the importance of secure web application design, it is necessary to gain an awareness of the potential risk exposure organisations face and the impact of a system compromise. Identifying weaknesses in existing web applications provides an effective tool for determining secure design principles. This knowledge is developed through the Foundations of Secure Web Application Design course, with coverage of the technology challenges, common security pitfalls and causes of poor web application design.
Participants in this course will take away:
- An understanding of the risks, threats and potential consequences of not effectively developing secure web-applications
- An understanding of common weaknesses in web-applications
- A thorough understanding of secure web-application architectures and secure coding guidelines, through use of popular coding languages
- An appreciation for the importance of security assurance and peer review during the development process
Course Topics
Module 1 – Threat Profile
Effective application security needs to be integrated at the design stage of application development, to ensure the threat profile is minimised. As part of Module 1, the risks and consequences of poor application security are discussed.
Module 2 – Data Handling
This is a key principle of secure application design. The differences between client-side and server-side validation are discussed, along with the methods best used for handling invalid client requests. Poor data handling can often lead to exposure of elements within the database by alert hackers. This module considers a variety of attack methods and allows participants to develop an attacker's mindset through practical exercises.
Module 3 – Secure Architecture
Handling user sessions in web-applications is important for providing functionality, yet also raises many security concerns. Establishment, maintenance and termination of user sessions are discussed. Concepts such as Authentication, Authorisation and Trust Boundaries are central themes.
Module 4 – Web Services & Life Cycle
Web Services is an emerging technology primarily used for business-to-business (B2B) communications. It is important to consider the threats specific to this technology in the design and development of secure web applications.
Well designed applications should be highly cohesive and loosely coupled. Maintenance of web-applications and further system enhancement is discussed in light of insecure code migration, change management and poor patching of newly discovered system exploits. A pragmatic approach to security assurance is provided throughout the entire course, and is important for ensuring the web-application has met expected levels of security.
E-mail Craig Searle to register or obtain additional information about the Sydney training, and Michael Baker to register or obtain additional information about the Melbourne training.