The most trusted source for computer security training, certification and research.




If you want to be a technology and security leader, this is the course for you!
-Andrew Longsworth, Priscoll's

DEVELOPER 422

Defending Web Applications Security Essentials

6 CPE Credits per day

Defending Web applications is critical!

Traditional network defenses such as firewalls fail to secure Web applications, which have to be available to large user communities. The amount and importance of data entrusted to Web applications are growing, and defenders need to learn how to secure it. DEV422 covers the OWASP Top 10 and will help you to better understand Web application vulnerabilities, thus enabling you to properly defend your organization's Web assets.

Mitigation strategies from an infrastructure, architecture, and coding perspective will be discussed alongside real-world implementations that really work. The testing aspect of vulnerabilities will also be covered so you can ensure your application is tested for the vulnerabilities discussed in class.

The class goes beyond classic Web applications and includes coverage of Web 2.0 technologies like AJAX and web services.

To maximize the benefit for a wider range of audiences, the discussions in this course will be programming-language agnostic. Focus will be maintained on security strategies rather than coding-level implementation.

DEV422: Defending Web Applications Security Essentials is intended for anyone tasked with implementing, managing or protecting Web applications. It is particularly well suited to application security analysts, developers, application architects, pen testers and auditors who are interested in recommending proper mitigations to Web security issues, and infrastructure security professionals who have an interest in better defending their Web applications.

  • Who Should Attend:
    • Application developers
    • Application security analysts or managers
    • Application architects
    • Penetration testers who are interested in learning about defense strategies
    • Security professionals who are interested in learning about application security
    • Auditors who need to understand defensive mechanisms in applications

This course was definitely mind stimulating. The information learned here has opened my eyes to many new ideas for my network.
-David R. Franklin, 101st Airborne Division

Training Events By Course

DEVELOPER 422 :: Defending Web Applications Security Essentials
  • SANS 2010: Orlando, FL; March 06, 2010 - March 15, 2010
  • SANS AppSec 2010 and WhatWorks in AppSec Summit: San Francisco, CA; January 29, 2010 - February 05, 2010
  • SANS SelfStudy: Books and .MP3s Only; Anytime