DEV522: Defending Web Applications Security Essentials is intended for anyone tasked with implementing, managing, or protecting Web applications. It is particularly well suited to application security analysts, developers, application architects, pen testers, and auditors who are interested in recommending proper mitigations to Web security issues, and infrastructure security professionals who have an interest in better defending their Web applications.
The course will cover the topics outlined in OWASP's Top 10 risks document, as well as additional issues the authors found important in their day-to-day web application development practice. Examples of the topics that will be covered include:
* infrastructure security
* server configuration
* authentication mechanisms
* application language configuration
* application coding errors like SQL injection and cross-site scripting
* cross-site request forgery
* authentication bypass
* web services and related flaws
* Web 2.0 and its use of web services
* XPath and XQuery languages and injection
* business logic flaws