Price: $1,699.00

Length: 2 Days

Web Security Training

Web security is vital for organizations as cyber-attacks happen every 39 seconds in the U.S.

The problem is modern enterprises are now at the stage where it’s no longer scalable to have IT teams manage web security solo.

In other words, configuring a legacy antivirus and distributing a password policy is no longer enough for organizations to protect their data from cyber criminals.

The web and the use of DNS services specifically are part of 91% of all malware attacks, and email and web together are a key part of 99% of successful breaches.

That said, protecting against web security threats grows more challenging each day as IT security departments face serious challenges when trying to secure the web.

Consequently, organizations are turning to comprehensive email and web security solutions built on integrated, cloud-based technologies that simplify the task and lower the cost of reducing risk.

This is an important web security approach because cyber criminals often leverage email and web channels together. A seamless and scalable strategy for protecting both is essential.

Effective web security is also important regarding compliance. To comply with internal policies, government-imposed criteria, or Open Web Application Security Project (OWASP) standards, security professionals consider a variety of factors.

Keeping abreast of OWASP standards helps security staff stay up to date with industry-standard web safety expectations.

In addition, encryption must be kept up to date, the latest threats in the Web Hacking Incident Database (WHID) monitored, and user authentications properly managed. When vulnerabilities emerge, security personnel must install the most recent patches to address them.

To secure data, software development teams have to implement protocols that shield code from being stolen during or after writing it.

Effective web security has many advantages for organizations, such as protecting intellectual property, improving customer confidence, preventing fraud through financial transactions like wire transfers, and preventing damage to hardware that can impact productivity.

It’s critical for management to understand the big picture regarding the need for web security. Once the domain of mostly small-time hackers, internet-borne threats have evolved into a massive black market business that touches the worlds of organized crime as well as state-sponsored espionage and sabotage.

Modern cyber criminals are incredibly sophisticated, able to easily fool the untrained eye or bypass legacy security. Plus, with an array of ready-made tools, exploit kits, JavaScript modules, and even fully developed campaigns for sale, even a novice bad actor can easily launch an attack.

Web Security Training Course by Tonex

Web Security Training Course Description

The web security training teaches you advanced web browsing vulnerabilities, from system penetration to identity theft, as well as protection solutions to ensure web security. Tonex, a leader in the security industry for more than 15 years, is now announcing the web security training, which helps you secure the communication between a client and server as well as the integrity of data on the web.

Tonex has served industry and academia with high-quality conferences, seminars, workshops, and exclusively designed courses in the systems engineering area, and is pleased to inform fellow professionals about the recent comprehensive training on web security.

This course covers a variety of topics in web security and computer network security, such as the HTTP protocol, cryptography on the web, the SSL protocol, different kinds of web attacks, browser security issues, cookies, web bugs and spyware. Moreover, you will learn about Windows system security, Linux/UNIX system security, common web servers such as Apache and IIS, access control on the web, web firewalls, and computer networks, and gain a lot of hands-on experience and training with web security applications.

By taking the web security training by Tonex, you will learn about the main features of the HTTP protocol, HTTP header fields, URL encoding and HTTP security issues, the most basic knowledge needed for web security.

Learn about encryption and decryption on the web, secret codes, public/private key cryptography, digital signatures, and hash algorithms in web security training.

Learn the principles of Secure Sockets Layer (SSL), the SSL architecture, and the different protocols offered by SSL: the handshake protocol, record protocol, alert protocol and change cipher spec protocol.

By taking this course you will also be introduced to the most common types of web attacks, such as SQL injection, malicious HTML code, and web page hijacking. Moreover, you will be trained to identify browser attacks and apply proper browser security principles such as URL filtering, cookie blocking and endpoint protection methods.

If you are an IT professional who specializes in web security, you will benefit from the presentations, examples, case studies, discussions, and individual activities, and upon completion of the web security training you will be better prepared for your career.

Learn about the security of Windows systems, access tokens, user SID, access checking and Windows permissions. Moreover, you will be introduced to UNIX/Linux server security and different types of attacks on servers, such as DNS amplification, the Heartbleed vulnerability and user account compromise.

You will also learn about web servers such as Apache and IIS, various access controls on the web with their threats and categories, packet filtering, web firewalls, security RSA, TCP, wireless multi-hop networks, computer network layers and routing loops.

Finally, the web security training will introduce a set of labs, workshops and group activities based on real-world case studies in order to prepare you to tackle all the related web security challenges.


The web security training is a 2-day course designed for:

  • IT professionals in the area of information security and web security
  • Executives and managers of cyber security and web security area
  • Information technology professionals, web engineers, security analysts, policy analysts
  • Security operation personnel, network administrators, system integrators and security consultants
  • Security traders who need to understand the software security of web systems, mobile devices, or other devices
  • Investors and contractors who plan to make investments in the systems engineering industry
  • Technicians, operators, and maintenance personnel who are or will be working on cyber security projects
  • Managers, accountants, and executives of cyber security industry.

Training Objectives

Upon completion of the web security training course, attendees will be able to:

  • Understand information security as it relates to the World Wide Web
  • Understand the security issues of servers related to web applications
  • Explain the main concepts of web attacks and web vulnerabilities such as malicious emails, web scripts, cookies, web bugs and spyware
  • Explore security issues in depth and develop and test potential solutions
  • Investigate secure communication between client and server by encrypting data streams, for example with SSL
  • Explore browser vulnerabilities and the protection of the system against web vulnerabilities

Training Outline

The web security training course consists of the following lessons, which can be revised and tailored to the client’s need:

Overview of Information Security

  • History of Information Security
  • Multiplexed Information and Computing Service (MULTICS)
  • Definition of Security
  • Key Information Security concepts
  • Critical Characteristics of Information
  • Standards for Information Systems Security
  • Components of an Information System
  • Balancing Information Security and Access
  • Approaches to Information Security Implementation
  • The System Development Life Cycle
  • Security Professionals and Organization
  • Communities of Interest
  • Information Security: Art or Science?

HTTP Protocol

  • Overview of Hypertext Transfer Protocol (HTTP)
  • Basic Features of HTTP
  • Architecture of HTTP
  • HTTP Version
  • Parameters of HTTP
  • Messages in HTTP
  • Requests in HTTP
  • Responses in HTTP
  • HTTP Methods
  • HTTP Status Codes
  • HTTP Header Fields
  • HTTP Caching
  • URL Encoding
  • HTTP Security

Basic Cryptography

  • Cryptography Introduction
  • Encryption
  • Cipher Text
  • Decryption
  • Plaintext
  • Computational Difficulty in Cryptography
  • Secret Codes
  • Breaking an Encryption Scheme
  • Types of Cryptographic Functions
  • Secret Key Cryptography
  • Public Key Cryptography
  • Digital Signatures
  • Digital Certificates
  • Hash Algorithms

The SSL Protocol

  • Secure Socket Layer (SSL) Definition
  • SSL Architecture
  • SSL Handshake Protocol
  • SSL Record Protocol
  • SSL Alert Protocol
  • SSL Change Cipher Spec Protocol
  • SSL Sessions and Connections

Web Attacks

  • Infected Web
  • Complexity of Modern Web
  • SQL Injection Attacks
  • Malicious Advertisement
  • Cross-site Scripting (XSS)
  • Phishing
  • Malicious HTML Code
  • Software Vulnerabilities
  • Web Attack Toolkits
  • Obfuscation of the Actual Attacks
  • Hijacking Web Pages
  • Fake Codec
  • Malicious Peer-to-peer Files
  • Fake Scanner Web Page
  • Blog Spam

Browser Security

  • How does a Web Browser Work?
  • Why Browser Security?
  • Types of Browser Threats
  • Buffer Overflow
  • Root Exploit
  • Phishing
  • Cookies
  • Document Object Model
  • Cross-Site Scripting
  • Cache History Attacks
  • Security versus Usability
  • Features of a Secure Browser
  • Security Implementations and Browsers
  • Blocking Third Party Cookies
  • Same-Origin Policy
  • Security Compartmentalization
  • Update control
  • Plug-in and Extension Control
  • Prevention of Malicious Scripts
  • Content Inspection
  • URL Filtering
  • Endpoint Protection
  • Web Server Protection

Cookies, Web Bugs and Spyware

  • Overview of Spyware
  • Online Attackers
  • Spying by a Trusted Insider
  • Data Gathered by Spyware
  • Operation of Spyware
  • Impact of Spyware
  • Common Types of Spyware
  • Browser Session Hijacking
  • Browser Helper Objects
  • Cookies and Web Bugs
  • Autonomous Spyware
  • Spyware Security Tips
  • Introduction to Cookies
  • ASCII Strings
  • Session Cookies
  • Persistent Cookies
  • Version 0 Cookies
  • Version 1 Cookies
  • Cookie Privacy Risks
  • Security Risks Related to Cookies
  • Session Hijacking
  • Definition of Web Bugs
  • Effect of Web Bug on servers
  • Where to Find Web Bugs?
  • Email Web Bugs
  • Email Wiretapping

Windows Systems Security

  • Introduction to Windows Security
  • Windows Protection System
  • Protection State
  • Enforcement Mechanism
  • Transitions
  • Windows Subjects
  • Access Tokens
  • User SID
  • Windows Services-Domains
  • User Authentication
  • Windows Objects
  • Active Directory
  • Windows Permissions
  • Access Checking
  • Access Control Entries
  • Access Checking with ACE
  • Windows Vs Linux

UNIX/Linux Server Security

  • Operating System (OS) Management
  • Common Vulnerabilities
  • Compromising User Accounts
  • DNS Amplification Attacks
  • NTP Reflection Attacks
  • Heartbleed Vulnerability
  • Secure Remote Access Protocol (SSH vs Telnet)
  • Secure File Transfer Protocols (SCP/SFTP vs FTP)
  • Secure Protocols for Accessing Web Servers (HTTP vs HTTPS)
  • Remote File Systems
  • Iptables
  • TCP Wrapper
  • SELinux
  • UMASK
  • SUID and SGID
  • Cron
  • Syslog
  • Patches

Apache and IIS Web Servers

  • Introduction to Web Servers
  • Uniform Resource Identifier (URI)
  • HTTPS Request Types
  • System Architecture
  • Client-Side Scripting Versus Server-Side Scripting
  • Accessing Web Servers
  • Microsoft Internet Information Services (IIS)
  • Apache Web Server
  • Requesting Documents
  • .NET
  • Perl
  • PHP
  • Python
  • Web Resources

Various Access Controls

  • Definitions and Key Concepts
  • Access Control Categories and Types
  • Access Control Threats
  • Access to the System
  • Access to Data
  • Intrusion Prevention and Detection System
  • Access Control Assurance

Packet Filtering and Web Firewall

  • Basic Packet Filtering
  • Stateful Packet Filtering
  • Matching Algorithms
  • Common Configuration Errors
  • Direction Based Filtering
  • Advanced Firewall Management
  • Firewall Analysis

Introduction to Computer Networks

  • Internet, HTTP, DNS, P2P
  • Socket, Ports
  • Congestion Control, Flow Control, TCP
  • Routing, Basic Graphs, IP
  • DSL Versus Cable, Aloha, CSMA, TDMA, Token, 802.11
  • Security RSA
  • Cellular Networks, Mobile Networks, Satellite Networks
  • Wireless Multi-hop Networks
  • Internetwork
  • Layers
  • Data Rate, Throughput and Bandwidth
  • Packets
  • Datagram Forwarding
  • Topology
  • Routing Loops
  • LAN and Ethernet
  • DNS
  • IP
  • Firewall
  • IETF and OSI
  • Epilog

Hands-On, Workshops, and Group Activities

  • Labs
  • Workshops
  • Group Activities

Sample Workshops and Labs for Web Security Training

  • Tutorial and Hands-on for different possible web attacks
  • IP Hijacking Case Study
  • Eavesdropping HTTP passwords Case Study
  • Command Line Injection Attack Experiment
  • Using SQL Injection Vulnerabilities to Gain Access to Website
  • Using the Stolen Cookie for Identity Attack
  • ModSecurity Application to Detect Threats
