Global Information Assurance Certification
This is the real deal - no fluff!
-Nancy Rice, Capital Blue Cross
NOTE: Mentor sessions run for 10 weeks, one evening a week for two hours unless otherwise noted below.
Developer 319: Intro to Web Application Security
Ann Arbor, MI
Thursday, September 17, 2009 - Thursday, October 22, 2009
Class will meet Tuesday, September 15 for week one and on Thursdays thereafter.
CLOSED
Course Fee: $1,500.00
Additional for OnDemand: $199.00
* Payment must be RECEIVED by the deadline to receive the posted rate.
Mentor: Shanti Suresh
Date:
Thursday, September 17, 2009
Meeting Time:
6:30 PM - 8:30 PM
Where:
The University of Michigan
Duderstadt Center
2281 Bonisteel Boulevard, Room 2161
Ann Arbor, MI
Phone: 734.763.3266
http://www.dc.umich.edu/
Mentor Bio: Shanti Suresh: Shanti Suresh is a senior Programmer Analyst in the Medical Center Information Technology at the University of Michigan Health Systems. Shanti has over fifteen years of experience in IT infrastructure and secure computing. In her present position, she is the technical lead for the Enterprise Clinical Systems Web-hosting team. She has helped plan the application hosting architectures for clinical applications.
She has conducted security audits for the hosting environments and recommended security policies. She has automated the rollouts of secure application hosting environments for many mission-critical clinical applications. In her previous position as a senior network engineer, Shanti set up the University of Michigan’s Network Operations Center and trained and mentored the operations staff. Shanti holds the RCDD and GWAS certifications.
Shanti feels that this class covers the web-application security area in a highly logical manner and her goal is to share the knowledge with others interested in the topic. With an understanding of the threats and some simple practices, one may achieve quite a high degree of resilience to common web-based attacks. The material covered in the class is quite relevant to developers, administrators and users of the web. Shanti brings her own experience in secure web-hosting to augment the material covered in the class.
From a mere 26 Web servers operating in November 1992 growing to well over 100 million Web sites today, we have come a long way in Web technology over a short period of time. Today, almost every organization has its own Web site for conducting business transactions or other critical functions. And for many companies, their online presence has become a major revenue generator. As everyone jumps on the bandwagon to do business on the Web, many problems can arise which are directly related to the security aspects of Web applications. The adage "where there is money, there is crime" has become true on a daily basis as we see credit cards and other financial data compromised through Web application vulnerabilities. And that is not even the full extent of the problem because Web-based malware and worms are still spreading in the wild.
Intro to Web Application Security is a two-day hands-on, action-packed course covering the common vulnerabilities that are leveraged by attackers, the basic principles of securing Web applications, and basic testing techniques for detecting the vulnerabilities. This course will help you understand the mechanics of the components necessary for effective Web application security which will then enable you to properly defend your organization's assets. With the information you learn in this class, you will be able to perform basic security testing on Web applications as well as architect, design, and develop more secure Web applications.
This course is particularly well suited to developers, QA analysts, and infrastructure security professionals who have an interest in exploring the Web application security world.
Who Should Attend
- Security practitioners and managers
- Auditors
- QA analysts who want to learn the mechanics of Web applications for better testing
- IT infrastructure professionals who want a basic understanding of Web technologies and security issues
- Anyone interested in techniques for securing Web applications
Sampling of Topics
- Securing Web Application Architectures and Infrastructures
- Cryptography
- Authentication
- Access Control
- Session Mechanism
- Web Application Logging
- Input Issues and Validation
- SQL Injection
- Cross-Site Scripting
- Phishing
- HTTP Response Splitting
- Cross-Site Request Forgery