close search bar

Sorry, not available in this language yet

close language selection

Attack and Defense (eLearning)

Course Description

Web applications are becoming an increasingly high-value target for hackers looking to make a quick buck, damage reputations, or just boost their “street cred.” There is no shortage of publicly known attack tools and techniques, and software developers are outnumbered and at the front line of defense. This course will teach you how attackers discover and exploit vulnerabilities in the real world and how to build a strong line of defense.

Learning Objectives

  • Recognize security flaws in web applications.
  • Build defenses against common web application vulnerabilities.
  • Use tools and techniques to test your own applications for vulnerabilities.
  • Implement application features to enhance your users’ security posture.

Details

Delivery Format: eLearning

Duration: 1 Hour

Level: Introductory

Intended Audience:

  • Architects
  • Back-End Developers
  • Enterprise Developers
  • Front-End Developers

Prerequisites:

Course Outline

Introduction to Attack and Defense

  • Introduction to Attack and Defense
  • Understanding your enemy
  • Vulnerabilities are here to stay
  • The Trinity of Trouble
  • Impacts of Insecure Software

Data Protection

  • GDPR
  • Attacks on Data in Motion
  • Securing Data in Motion: System Footprint
  • Securing Data in Motion: Encryption
  • Securing Data in Motion: Keys and Data
  • Attacks on Data at Rest
  • Securing Data at Rest
  • Crypto Best Practices

Handling User Input

  • SQL Injection
  • SQL Injection: Examples
  • Command Injection
  • Cross-Site Scripting
  • XML External Entities (XXE) Attack
  • Unvalidated Redirects: Vulnerable?
  • Unvalidated Redirects: Spotting and Defense

Authentication and Authorization

  • Authentication Attacks
  • Defending Against Authentication Attacks
  • Authorization Attacks
  • Defending Against Authorization Attacks

Session Protection

  • Weak Cookie Security
  • Attacking Sessions: Hijacking
  • Attacking Sessions: Fixation
  • Cross-Site Request Forgery
  • Protecting against CSRF
  • SameSite Cookie Attribute
  • Building Secure Session Mechanisms

Security Configurations

  • Attacking Application Configurations
  • Insecure by Default
  • Securing Third-Party Components
  • Changing Defaults
  • Preventing Information Leakage

Monitoring and Detection

  • Tools of the Trade
  • Tools: Web Application Firewalls
  • Tools: Alerts and Logging
  • Tools: Detection and Honeypots

Training

Developer Security Training

Equip development teams with the skills and education to write secure code and fix issues faster