InfoSec Institute: Application Security Online

Application Security Training Online

If you are a .Net or Java software developer looking to secure your applications from the latest threats, or an Information Security Professional looking to learn how to assess software security, the Application Security Training Online course is a giant leap forward to attaining these in-demand application security skill sets.

The Application Security Training Online course is the online version of InfoSec Institute's Instructor-Led Application Security Training class. Many online or CBT training offerings are simply a recording of a talking head. InfoSec Institute's Application Security Online includes a shipment of software that is loaded onto your computer, which allows you to complete over 30 hours of hands-on lab exercises! Not only do you get high-quality instruction from an expert instructor; with InfoSec Institute, you also perform hands-on lab exercises that allow for real knowledge transfer.
Some of the benefits of Application Security Training Online are:
  • Attend the exact same course as the Instructor-Led Application Security Training course in an online format.
  • Interact with over 54 online modules, taught by an expert instructor at your leisure via the Internet at home or work.
  • We ship you a number of Virtual Machines (VMs) pre-installed with hundreds of tools and scripts that you use to perform over 32 hands-on lab exercises. These are the same lab exercises as the instructor-led class.
  • Get online guidance while you perform the lab exercises; the labs have been recorded from start to finish.
  • Prepare yourself for the CASS certification from home. When you purchase Penetration Testing Online, you automatically get an exam voucher for the CASS exam.
Application Security Training Online is a unique offering in the security industry. While some security courses may brush over application security, or cover the security of small-scale “demo” applications, InfoSec Institute concentrates on the latest application security attacks against modern enterprise applications.

This hands-on course teaches you:
  • The fundamentals of modern Application Security on both .Net and Java platforms
  • Application security threats and assessment/attack techniques
  • The latest threats to Web Services and AJAX-enabled applications
InfoSec Institute has only the highest quality instructors, with deep background in Application Security. Our instructors are actively involved in the Application Security community. They have authored several books on the subject, spoken at various industry conferences, and are considered subject matter experts.

Application Security: Web Application Hacking is a totally hands-on course. While a student in this class, you will be engaged in a thought-provoking lecture on the topic at hand, and then directly implement the relevant hands-on lab exercise in our Application Security Lab. Some of the lectures included in the course:

Some of the topics you will learn to master during the Application Security Training:
  • Secure Programming Throughout the Application Development Lifecycle
  • Confronting Flawed Input Data
  • Implementation Best Practices
  • Source code analysis scanning software
  • Code Origin Access Control Methods
  • Network Transmission Security with the JSSE API/SSL
  • WS Security, XKMS, and WS-I Basic security profile
  • SecureXML Libraries
  • Privilege Escalation Opportunities
  • Race Conditions
  • Cross Site Scripting Injection
  • .Net Secure Remoting
  • Windows Forms Security
  • SQL Server: Exploitation and Defense
  • Fault Injection and Fuzzing
  • Java security managers, policy files, and JAAS
  • ASP.NET Security
  • XOR, Base64 and Garbage Data Obfuscation
  • Securely Maintaining Session State – Best Practices
  • Session fixation
  • Advanced SQL Injection
  • Oracle PL/SQL Injection
  • .Net Security tokens, XML signature, XML canonicalization, and XML encryption
  • .Net WS-Trust and WS-SecureConversation
  • Error Control Verbosity Abuse
Module 4—Enemies and Their Motivation
The most common hacker personality types; The reasons they participate in these activities; Common targets for these individuals

Day 2:

Module 5—Assessing Vulnerabilities
Practical application of risk assessment to an organization; Basic understanding of vulnerability categories; Conducting an assessment; Commonly found weak links in an assessment; Reviewing how ‘breaking’ into your own network can be a practical way to get an accurate assessment of your risk

Lab—Vulnerability Assessment, exploit usage and Windows password weaknesses

Module 6—Objectives of Risk Management
Identifying specific areas where safeguards are needed to prevent deliberate or inadvertent unauthorized disclosure, modification, or unauthorized use of information, and denial of service

• How much protection is required
• How much exists
• The most economical way of providing it
• Reducing the identified risk to an acceptable level

Lab—Risk Assessment and Costs

Module 7—Defining Security Policy
Developing computer security policies and procedures for corporations that have systems connected to the Internet. Provides practical guidance to administrators trying to secure their information and services.

Module 8—Developing Electronic Policy
Security tools by and large require that you create electronic policies from the written security policy in order to enforce compliance on the network. We examine e-policies, often referred to as electronic or enforceable policies, and how they are used.

Lab—Translate Written Policy into E-Policy

Module 14—Identifying Attack Signatures

• Identifying signature by category of attack
• Identifying normal attack flow
• Identifying inspection and evasion of IDS
• Identifying potential false positives of IDS
• Identifying limitations in IDS monitoring

Lab—Integrity verification and log monitoring

Day 3:

Module 9—Policy Enforcement with Technology
Keeping the organization in compliance with their policies; Training and awareness programs; Enforcement using technical tools; Checking compliance and enforcing policy

Lab—Responding to CERT Alerts

Module 10—Electronic Policy Baselines for Systems
Developing good security through system baselines; Using scripts to automate baseline implementation; Tools for detecting system changes

Lab—Security Configuration Manager

Module 11—Structured Monitoring
Identifying policy and procedures; Log procedures using the Defense in Depth model; Identifying Critical and Weak link systems; Centralized, Remote, and Decentralized Monitoring; Hardening the Monitoring Stations; Minimizing Management Consoles

Day 4:

Module 12—Intrusion Detection and Centralized Monitoring
Setup of a centralized monitoring system for a corporation; Identify cost effective placement of monitoring devices; Remote administration of monitoring systems

Lab—Snort & Packet Analysis

Module 13—Overcoming Difficulty in Monitoring
Intrusion Detection: Differentiation of what is relevant to the Intrusion sequence, what is not relevant, and what is not part of the sequence.

Lab—Analyzing Attacks

Day 5:

Module 15—Justifying the Cost of Security
A business case is made for Return of Security Investment by showing some areas where security saves money on labor and other items.

Module 16—Incident Investigation Methods
Incident investigation: the process, tools, and methods

• Avoiding “contaminating” evidence
• Definitions of common response terms
• Identification of business and legal considerations
• Understanding of the time sensitivity of response

Module 17—Understanding the Logs
Tools and methods for identifying critical information contained in the log files

Lab—IIS Log Analysis

Module 18—Security Planning for Electronic Business
Overview of the considerations necessary to securely and successfully implement electronic business over the Internet. Identifying the business structure required for conducting electronic business, identifying and minimizing the threats to electronic commerce, including threats that may involve electronic commerce ‘partners’.

How You Benefit:
  • Gain the in-demand career skills of an Application Security Professional. Learn application security fundamentals and the hands-on application assessment techniques and methodologies used by the top application security professionals.
  • In this application security training course, learn how and when it is appropriate to use tools to automate vulnerability discovery and when manual investigation is required.
  • Develop a custom process for code assessments across many languages and platforms.
  • More than interesting theories and lecture: get your hands dirty in online labs.
What's Included:
  • Access to 50+ online modules totaling 54 hours of training.
  • Multiple VMs (Virtual Machines) pre-loaded with hundreds of tools and scripts so you can do over 31 hands-on lab exercises from home or work.
  • InfoSec's Custom Application Security Enterprise Suite.
  • Certified Application Security Specialist (CASS) exam fees.
  • Lecture, lab exercise and textbooks
Required Prerequisites:
  • Workstation with Windows XP SP2, 1 GB RAM, 30 GB free hard drive space
  • Windows 2000 Server installation disk
  • Access to High Speed Internet connection
  • Firm understanding of the Windows Operating System
  • Programming skills in any standard language (Perl, C++/C#, Java, etc.)
  • Exposure to web application development
  • Desire to learn about application security and web application hacking!
  • Ethical intentions
If you are unsure if you meet the required prerequisites, contact us for a quick skill check.

Current Pricing (Call 866-471-0059 for up-to-date deals):