- Training
- Training Live Events
- Training Without Travel
- Security Courses
- Security Curricula
- Certified Instructors
- Training Calendars
- SANS vLive! / SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- Coins
- SANS Onsite
- SANS SelfStudy
- SANS Summit Series
- SANS Partnership Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- List of Resources
- Top 20 List
- Top 25 Programming Errors
- 20 Coolest Jobs
- Application Security Procurement Language
- Top 10 Security Trends
- Top 5 Essential Log Reports
- Reading Room
- Webcasts
- AudioCasts
- WhatWorks
- Newsletters
- RSS Feeds
- Calendar Feeds
- Security Thought Leaders
- Security Policy Project
- Security+ Study Guide
- SANS Buyers Guide
- Security Tool Demos
- 2008 Salary Survey
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
The most trusted source for computer security training, certification and research.
select a course
Generic course descriptions, individual event descriptions may vary. Be sure to read the course description for exact training event you're interested in carefully.
>> Upcoming Events for this Course <<
Sort Within Discipline By: Popularity | Title | Course Number
If you want to be a technology and security leader, this is the course for you!
-Andrew Longsworth, Priscoll's
Developer 422
4 Day Course
(Portal Account Required)
(SelfStudy Available)
Defending Web Applications Security Essentials
6 CPE Credits per dayDefending Web applications is critical!
Traditional network defenses such as firewalls fail to secure Web applications which have to be available to large user communities. The amount and importance of data entrusted to Web applications is growing, and defenders need to learn how to secure it. DEV422 covers the OWASP Top 10 and will help you to better understand Web application vulnerabilities, thus enabling you to properly defend your organization's Web assets.
Mitigation strategies from an infrastructure, architecture, and coding perspective will be discussed alongside real-world implementations that really work. The testing aspect of vulnerabilities will also be covered so you can ensure your application is tested for the vulnerabilities discussed in class.
The class goes beyond classic Web applications and includes coverage of Web 2.0 technologies like AJAX and web services.
To maximize the benefit for a wider range of audiences, the discussions in this course will be programming language agnostic. Focus will be maintained on security strategies rather than coding level implementation.
DEV422: Defending Web Applications Security Essentials is intended for anyone tasked with implementing, managing or protecting Web applications. It is particularly well suited to application security analysts, developers, application architects, pen testers and auditors who are interested in recommending proper mitigations to Web security issues, and infrastructure security professionals who have an interest in better defending their Web applications.
- Who Should Attend:
- Application developers
- Application security analysts or managers
- Application architects
- Penetration testers who are interested to learn about defense strategies
- Security professionals who are interested in learning about application security
- Auditors who need to understand defensive mechanisms in applications
Training Events By Course
| DEVELOPER 422 :: Defending Web Applications Security Essentials | ||
| SANS 2010 | Orlando, FL | March 06, 2010 - March 15, 2010 |
| SANS AppSec 2010 and WhatWorks in AppSec Summit | San Francisco, CA | January 29, 2010 - February 05, 2010 |
| SANS SelfStudy | Books and .MP3s Only | Anytime |
- © 2000-2009 The SANS™ Institute
- Web Privacy Policy | Web Contact |
- Press Room | Trademark Usage Policy