Price: $1,699.00
Length: 2 Days

Web Security Training

Web Security Training Course Description

The web security training teaches you advanced web vulnerabilities, from system penetration to identity theft, as well as the protective measures that ensure web security. TONEX, a leader in the security industry for more than 15 years, now announces the web security training, which helps you secure the communication between a client and a server as well as the integrity of data on the web.


TONEX has served industry and academia with high-quality conferences, seminars, workshops, and exclusively designed courses in the systems engineering area and is pleased to inform professionals about its recent comprehensive training on web security.

This course covers a variety of topics in web security and computer network security, such as the HTTP protocol, cryptography on the web, the SSL protocol, different kinds of web attacks, browser security issues, cookies, web bugs and spyware. Moreover, you will learn about Windows system security, Linux/UNIX system security, common web servers such as Apache and IIS, access control on the web, web firewalls and computer networks, and you will get a lot of hands-on experience with web security applications.

By taking the web security training by TONEX, you will learn about the main features of the HTTP protocol, HTTP header fields, URL encoding and HTTP security issues, the most basic knowledge needed for web security.

Learn about encryption and decryption on the web, secret codes, public/private key cryptography, digital signatures, and hash algorithms in the web security training.

Learn the principles of the Secure Sockets Layer (SSL), the SSL architecture, and the sub-protocols SSL defines: the handshake protocol, record protocol, alert protocol and change cipher spec protocol. Note that every SSL version is now deprecated; its successor TLS keeps the same layered structure, so the concepts carry over directly.

By taking this course you will also be introduced to the most common types of web attacks, such as SQL injection, malicious HTML code, and web page hijacking. Moreover, you will be trained to identify browser attacks and to apply proper browser security measures such as URL filtering, cookie blocking and endpoint protection.

If you are an IT professional who specializes in web security, you will benefit from the presentations, examples, case studies, discussions, and individual activities of the web security training and prepare yourself for your career.

Learn about the security of Windows systems: access tokens, user SIDs, access checking and Windows permissions. Moreover, you will be introduced to UNIX/Linux server security and to different types of attacks on servers, such as DNS amplification, the Heartbleed vulnerability and user account compromise.

You will also learn about web servers such as Apache and IIS, the various access controls on the web with their threats and categories, packet filtering, web firewalls, RSA, TCP, wireless multi-hop networks, computer network layers and routing loops.

Finally, the web security training includes a set of labs, workshops and group activities built on real-world case studies to prepare you to tackle web security challenges.

Audience

The web security training is a 2-day course designed for:

  • IT professionals in the area of information security and web security
  • Executives and managers of cyber security and web security area
  • Information technology professionals, web engineers, security analysts, policy analysts
  • Security operation personnel, network administrators, system integrators and security consultants
  • Security traders who want to understand the software security of web systems, mobile devices, or other devices
  • Investors and contractors who plan to invest in the systems engineering industry
  • Technicians, operators, and maintenance personnel who are or will be working on cyber security projects
  • Managers, accountants, and executives in the cyber security industry

Training Objectives

Upon completion of the web security training course, attendees will be able to:

  • Understand information security as it relates to the World Wide Web
  • Understand the security issues of servers that host web applications
  • Explain the main concepts of web attacks and web vulnerabilities, such as malicious emails, web scripts, cookies, web bugs and spyware
  • Explore security issues in depth and develop and test potential solutions
  • Investigate secure communication between client and server by encrypting data streams, for example with SSL/TLS
  • Explore browser vulnerabilities and the protection of the system against web vulnerabilities

Training Outline

The web security training course consists of the following lessons, which can be revised and tailored to the client's needs:

Overview of Information Security

  • History of Information Security
  • Multiplexed Information and Computing Service (MULTICS)
  • Definition of Security
  • Key Information Security concepts
  • Critical Characteristics of Information
  • Standards for Information Systems Security
  • Components of an Information System
  • Balancing Information Security and Access
  • Approaches to Information Security Implementation
  • The System Development Life Cycle
  • Security Professionals and Organization
  • Communities of Interest
  • Information Security: Art or Science?

HTTP Protocol

  • Overview of Hypertext Transfer Protocol (HTTP)
  • Basic Features of HTTP
  • Architecture of HTTP
  • HTTP Versions
  • Parameters of HTTP
  • Messages in HTTP
  • Requests in HTTP
  • Responses in HTTP
  • HTTP Methods
  • HTTP Status Codes
  • HTTP Header Fields
  • HTTP Caching
  • URL Encoding
  • HTTP Security

Basic Cryptography

  • Cryptography Introduction
  • Encryption
  • Cipher Text
  • Decryption
  • Plaintext
  • Computational Difficulty in Cryptography
  • Secret Codes
  • Breaking an Encryption Scheme
  • Types of Cryptographic Functions
  • Secret Key Cryptography
  • Public Key Cryptography
  • Digital Signatures
  • Digital Certificates
  • Hash Algorithms

The SSL Protocol

  • Secure Sockets Layer (SSL) Definition
  • SSL Architecture
  • SSL Handshake Protocol
  • SSL Record Protocol
  • SSL Alert Protocol
  • SSL Change Cipher Spec Protocol
  • SSL Sessions and Connections

Web Attacks

  • Infected Websites
  • Complexity of Modern Web
  • SQL Injection Attacks
  • Malicious Advertisement
  • Cross-site Scripting (XSS)
  • Phishing
  • Malicious HTML Code
  • Software Vulnerabilities
  • Web Attack Toolkits
  • Obfuscation of the Actual Attacks
  • Hijacking Web Pages
  • Fake Codecs
  • Malicious Peer-to-peer Files
  • Fake Scanner Web Pages
  • Blog Spam

Browser Security

  • How does a Web Browser Work?
  • Why Browser Security?
  • Types of Browser Threats
  • Buffer Overflow
  • Root Exploits
  • Phishing
  • Cookies
  • Document Object Model
  • Cross-Site Scripting
  • Cache and History Attacks
  • Security versus Usability
  • Features of a Secure Browser
  • Security Implementations and Browsers
  • Blocking Third Party Cookies
  • Same-Origin Policy
  • Security Compartmentalization
  • Update control
  • Plug-in and Extension Control
  • Prevention of Malicious Scripts
  • Content Inspection
  • URL Filtering
  • Endpoint Protection
  • Web Server Protection

Cookies, Web Bugs and Spyware

  • Overview of Spyware
  • Online Attackers
  • Spying by a Trusted Insider
  • Data Gathered by Spyware
  • Operation of Spyware
  • Impact of Spyware
  • Common Types of Spyware
  • Browser Session Hijacking
  • Browser Helper Objects
  • Cookies and Web Bugs
  • Autonomous Spyware
  • Spyware Security Tips
  • Introduction to Cookies
  • ASCII Strings
  • Session Cookies
  • Persistent Cookies
  • Version 0 Cookies
  • Version 1 Cookies
  • Cookie Privacy Risks
  • Security Risks Related to Cookies
  • Session Hijacking
  • Definition of Web Bugs
  • Effect of Web Bugs on Servers
  • Where to Find Web Bugs?
  • Email Web Bugs
  • Email Wiretapping
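The session-cookie and session-hijacking items above come down to a handful of Set-Cookie attributes. The following audit script is an added example (not TONEX course material); it parses raw Set-Cookie headers, flags the attributes whose absence makes a session cookie easy to steal or replay, and treats any cookie whose name contains "sess", "sid", "token" or "auth" as a session cookie (a heuristic assumed for the demo). The sample response headers are constructed.

```python
"""Audit Set-Cookie headers for the attributes that limit session hijacking.

Added example, not part of the course material. The header block below is
constructed for the demonstration.
"""

# Heuristic (assumed for the demo): names containing these look like session cookies.
SESSION_HINTS = ("sess", "sid", "token", "auth")

# Constructed HTTP response headers, one per line, as a proxy or scanner would see them.
SAMPLE_RESPONSE_HEADERS = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: PHPSESSID=9c1f2a7e; Path=/
Set-Cookie: sessionid=4b2d8e10; Path=/; Secure; HttpOnly; SameSite=Lax
Set-Cookie: auth_token=7f3a9b; Path=/; Secure; HttpOnly; SameSite=Strict; Max-Age=31536000
Set-Cookie: theme=dark; Path=/; Max-Age=2592000
"""


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, {attribute: value-or-None})."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _sep, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else None
    return name.strip(), value, attrs


def audit_set_cookie(header_value):
    """Return a list of findings for a single Set-Cookie value (empty list = clean)."""
    name, _value, attrs = parse_set_cookie(header_value)
    issues = []
    if "secure" not in attrs:
        issues.append("missing Secure: sent over plain HTTP, so it can be sniffed")
    if "httponly" not in attrs:
        issues.append("missing HttpOnly: readable by injected script via document.cookie")
    samesite = (attrs.get("samesite") or "").lower()
    if samesite not in ("lax", "strict"):
        issues.append("SameSite not Lax/Strict: attached to cross-site requests (CSRF)")
    looks_like_session = any(h in name.lower() for h in SESSION_HINTS)
    if looks_like_session and ("max-age" in attrs or "expires" in attrs):
        issues.append("session cookie is persistent: survives browser restart on disk")
    return issues


def audit_response(raw_headers):
    """Audit every Set-Cookie line in a raw header block; returns {cookie name: findings}."""
    report = {}
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            name = parse_set_cookie(value.strip())[0]
            report[name] = audit_set_cookie(value.strip())
    return report


if __name__ == "__main__":
    for cookie, findings in audit_response(SAMPLE_RESPONSE_HEADERS).items():
        print(cookie, "->", findings or "ok")
```

The "theme" cookie is flagged for the missing attributes but not for persistence, since it does not look like a session cookie; in a real audit, tune SESSION_HINTS to the application's actual cookie names rather than relying on the heuristic.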

Windows Systems Security

  • Introduction to Windows Security
  • Windows Protection System
  • Protection State
  • Enforcement Mechanism
  • Transitions
  • Windows Subjects
  • Access Tokens
  • User SID
  • Windows Services and Domains
  • User Authentication
  • Windows Objects
  • Active Directory
  • Windows Permissions
  • Access Checking
  • Access Control Entries
  • Access Checking with ACE
  • Windows vs. Linux

UNIX/Linux Server Security

  • Operating System (OS) Management
  • Common Vulnerabilities
  • Compromising User Accounts
  • DNS Amplification Attacks
  • NTP Reflection Attacks
  • Heartbleed Vulnerability
  • Secure Remote Access Protocols (SSH vs. Telnet)
  • Secure File Transfer Protocols (SCP/SFTP vs FTP)
  • Secure Protocols for Accessing Web Servers (HTTP vs HTTPS)
  • Remote File Systems
  • Iptables
  • TCP Wrapper
  • SELinux
  • umask
  • SUID and SGID
  • Cron
  • Syslog
  • Patches

Apache and IIS Web Servers

  • Introduction to Web Servers
  • Uniform Resource Identifier (URI)
  • HTTP Request Types
  • System Architecture
  • Client-Side Scripting Versus Server-Side Scripting
  • Accessing Web Servers
  • Microsoft Internet Information Services (IIS)
  • Apache Web Server
  • Requesting Documents
  • XHTML
  • .NET
  • Perl
  • PHP
  • Python
  • Web Resources

Various Access Controls

  • Definitions and Key Concepts
  • Access Control Categories and Types
  • Access Control Threats
  • Access to the System
  • Access to Data
  • Intrusion Prevention and Detection Systems
  • Access Control Assurance

Packet Filtering and Web Firewall

  • Basic Packet Filtering
  • Stateful Packet Filtering
  • Matching Algorithms
  • Common Configuration Errors
  • Direction Based Filtering
  • Advanced Firewall Management
  • Firewall Analysis

Introduction to Computer Networks

  • Internet, HTTP, DNS, P2P
  • Socket, Ports
  • Congestion Control, Flow Control, TCP
  • Routing, Basic Graphs, IP
  • DSL Versus Cable, Aloha, CSMA, TDMA, Token, 802.11
  • Security: RSA
  • Cellular Networks, Mobile Networks, Satellite Networks
  • Wireless Multi-hop Networks
  • Internetwork
  • Layers
  • Data Rate, Throughput and Bandwidth
  • Packets
  • Datagram Forwarding
  • Topology
  • Routing Loops
  • LAN and Ethernet
  • DNS
  • IP
  • Firewall
  • IETF and OSI
  • Epilog

Hands-On Labs, Workshops and Group Activities

  • Labs
  • Workshops
  • Group Activities

Sample Workshops and Labs for Web Security Training

  • Tutorial and hands-on exercises for different possible web attacks
  • IP Hijacking Case Study
  • Eavesdropping on HTTP Passwords Case Study
  • Command Injection Attack Experiment
  • Using SQL Injection Vulnerabilities to Gain Access to a Website
  • Using a Stolen Cookie for an Identity Attack
  • Using ModSecurity to Detect Threats
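The SQL injection lab above, and the SQL injection attack named in the course description, both reduce to one mistake: concatenating attacker-controlled input into a query string. The following is an added example (not TONEX lab code) showing the login bypass against an in-memory SQLite database and the parameterized fix beside it. The users table, the two accounts and the unsalted SHA-256 password hashing are constructed for the demo; a real application would use a salted, slow password hash.

```python
"""SQL injection login bypass and the parameterized fix.

Added example for the SQL injection lab, not part of the course material.
Uses an in-memory SQLite database with a constructed users table.
"""
import hashlib
import hmac
import sqlite3
from typing import Optional


def pw_hash(password: str) -> str:
    # Unsalted SHA-256 keeps the demo short; production code needs a salted, slow KDF.
    return hashlib.sha256(password.encode()).hexdigest()


def setup_db() -> sqlite3.Connection:
    """Create the constructed users table with two demo accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, pw_hash) VALUES (?, ?)",
        [("admin", pw_hash("correct horse")), ("alice", pw_hash("battery staple"))],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Deliberately vulnerable: the username is spliced into the SQL text, so a
    payload such as  admin' --  comments out the password check entirely."""
    query = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND pw_hash = '{pw_hash(password)}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Hardened: parameterized lookup, so the input is only ever a value, then a
    constant-time comparison of the stored hash in application code."""
    row = conn.execute(
        "SELECT username, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return None
    if hmac.compare_digest(row[1], pw_hash(password)):
        return row[0]
    return None


if __name__ == "__main__":
    db = setup_db()
    for payload in ("admin' --", "' OR 1=1 --"):
        print(f"{payload!r:20} vulnerable -> {login_vulnerable(db, payload, 'wrong')}"
              f"   safe -> {login_safe(db, payload, 'wrong')}")
```

With the vulnerable function, `admin' --` logs in as admin without a password and `' OR 1=1 --` logs in as whichever row the database returns first; the parameterized version rejects both because the quote and the comment marker stay inside the bound string value. The classic `' OR '1'='1` payload does not bypass this particular query, since SQL's AND binds tighter than OR and the password clause still has to match; that is why the payloads above use a trailing comment.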
