London, United Kingdom - November 28 - December 6, 2009
Global Information Assurance Certification
504 was a great course to better enhance my understanding of attack methods and how to better defend my systems
-Dustin Odsa, Indiana University
Developer 319



For GIAC STAR
If you register for the full course, you may register to seek your STAR.
Online exam issued with 4-month deadline 7-10 days following conference.
For OnDemand Bundles
You can bundle a SANS OnDemand online training and assessment package for an additional €199.00 EURO when registering for the full course. Additional information can be found at the OnDemand Bundles page and the OnDemand FAQ.
VAT Rate Info
15% VAT will be added to the tuition costs.
From a mere 26 Web servers operating in November 1992 to well over 100 million Web sites today, we have come a long way in Web technology over a short period of time. Today, almost every organization has its own Web site for conducting business transactions or other critical functions. And for many companies, their online presence has become a major revenue generator. As everyone jumps on the bandwagon to do business on the Web, many problems can arise that are directly related to the security of Web applications. The adage "where there is money, there is crime" proves true on a daily basis as we see credit cards and other financial data compromised through Web application vulnerabilities. And that is not even the full extent of the problem, because Web-based malware and worms are still spreading in the wild.
Intro to Web Application Security is a two-day hands-on, action-packed course covering the common vulnerabilities that are leveraged by attackers, the basic principles of securing Web applications, and basic testing techniques for detecting the vulnerabilities. This course will help you understand the mechanics of the components necessary for effective Web application security, which will then enable you to properly defend your organization's assets. With the information you learn in this class, you will be able to perform basic security testing on Web applications as well as architect, design, and develop more secure Web applications.
This course is particularly well suited to developers, QA analysts, and infrastructure security professionals who have an interest in exploring the Web application security world.
Who Should Attend
- Security practitioners and managers
- Auditors
- QA analysts who want to learn the mechanics of Web applications for better testing
- IT infrastructure professionals who want a basic understanding of Web technologies and security issues
- Anyone interested in techniques for securing Web applications
Sampling of Topics
- Securing Web Application Architectures and Infrastructures
- Cryptography
- Authentication
- Access Control
- Session Mechanism
- Web Application Logging
- Input Issues and Validation
- SQL Injection
- Cross-Site Scripting
- Phishing
- HTTP Response Splitting
- Cross-Site Request Forgery
I think this course changed my life.
-James Welcher, LBNL