SECURITY 426

AJAX and Web Services Security Overview

Asynchronous JavaScript and XML (AJAX) and Web Services are currently the most active areas in Web application development. Security issues continue to rise as organizations are diving head first into insecurely implementing new Web technologies without first understanding them. This one-day, hands-on course covers the security issues, mitigation strategies, and general best practices for implementing AJAX and Web Services. We also examine real-world attacks and trends to give you a better understanding of exactly what you're protecting against. The SANS Institute promise is to ensure that you will be able to utilize what you learn the minute you get back to the office.

To maximize the benefit for a wider range of audiences, the discussions in this course will be programming language agnostic. Focus will be maintained on security strategies rather than coding level implementation. This course is definitely intended for you if you are tasked with implementing secure Web applications using Web Services or AJAX.

Course Prerequisites

A basic understanding of Web application development (such as the material covered in Security 519: Web Application Security Workshop or equivalent) is required. This course does not cover the background of Web application vulnerabilities and attacks such as SQL Injection, Cross Site Scripting, and Cross Site Forgery; it goes straight into the AJAX application. Programming expertise is not a requirement, but code examples are used to explain how the attacks work.

The quality of a SANS course is "exceptional" and the instructors are true experts with real experience.
-Todd Coston, Kern Community College District