Exploiting and Protecting Web Applications
Fee may apply
Enroll today to experience new and improved course content, including an exclusive interview with Parisa Tabriz, Engineering Director, Google.
Web applications are vulnerable to many types of attacks to which traditional client-server applications are not as susceptible. These vulnerabilities, over the past several years, have resulted in attacks that have exposed companies to monetary losses and reputational damage.
This course covers these vulnerabilities, how attacks are constructed based on them, and techniques that can be used to mitigate such vulnerabilities.
What you will learn
- Browser Security Model (document object model, same-origin-policy andviolations of it), and SSL
- Coverage of HTML5 vulnerabilities due to frame communication, localstorage, cross-origin resource sharing, and other HTML5 features
- SQL Injection (and other forms of command injection including LDAP andXPath Injection)
- Cross-site scripting (XSS), cross-site request forgery (XSRF), andcross-site script inclusion (XSSI), Clickjacking
- Prevention techniques including input validation, output escaping, signatures, message authentication codes, and frame busting
- $495 per online course
- $75 one-time document fee ?
On Demand Webinars
View our free on-demand webinars to get a preview of the courses we have to offer.
Includes 60 days access to the online course homepage and digital color PDF's of presentations and handouts when available.
*Note: All amounts shown are in USD
60 day access to the online course starts upon payment. The end date of a section of this course does not restrict your access to the course material.
Course materials are available for download from the online videos page. All materials are available for printing and review upon enrollment.
Online participants are asked to complete a final exam at the end of each course to maintain the integrity of the program. A score of 85% must be achieved to successfully pass the exam. A digital record of completion will be emailed to participants when they pass the exam.
It is required that participants complete the course evaluation once they have passed the final exam.