Secure Web/API Development Course

This course teaches web application developers and architects how to build applications with strong security. It covers every major aspect of application and API security through modules that provide both design and coding advice. Hands-on labs help students learn concepts interactively. The focus is on strategies and tactics that secure software during development. Prerequisites include knowledge of HTML, JavaScript, and a server-side language. Major topics include information disclosure, authentication, sessions, authorization, secure data handling, cryptography, logging, web services security, and the secure development lifecycle.

Uploaded by

Mangesh Abnave

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

209 views3 pages

Secure Web/API Development Course

Uploaded by

Mangesh Abnave

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 3

SECURE WEB/API APPLICATION DEVELOPMENT

This course is designed to teach web application developers and architects how to build applications with
world-class security. QA engineers, IT security analysts, and IT risk managers can also benefit from this course.
Every major aspect of application security is covered, and each module includes both design and coding
advice. Hands-on labs are provided to help students master the concepts in a highly interactive setting. The
course focuses on application development strategies and tactics that secure software at the source.

Prerequisites
The course is contains coding examples in both Java and ASP.Net, but can be customized for any development
language. A working knowledge of HTML, JavaScript and any server-side programming language (ASP.Net, Java,
PHP, etc.) is recommended.

Security Principles Overview: Importance of Security in the Software Development Lifecycle

Regulations, Privacy and Compliance
Impact of Security Defects
Core Security Concepts
Security Design Principles

Information Disclosure Leakage in Web Technologies (HTML, HTTP, Files, Client-Side Objects, URLs,
Web Services)
Error Handling (Structured vs. Functional)
Google Hacking

Authentication Methods of Authentication

2-Factor Authentication
Single Sign-On
Common Authentication Attacks (Brute Force, Username Harvesting, etc.)
Implementing Secure Authentication – Design and Coding

Session Management Overview of Sessions

Threats to Sessions and Impact
Common Implementation Mistakes and Exploits (Interception, Prediction,
Brute Force, etc.)
Implementing Secure Sessions – Design and Coding

Authorization
and Access Control Methods of Access Control
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Role-Based Access Control (RBAC)
Rule-Based Access Control
Common Authorization Attacks (Parameter Tampering, Privilege Escalation,
Cross-Site Request Forgery, etc.)
Implementing Secure Authentication – Design and Coding

Secure Data Handling Overview of Data Handling

Integrity Validation
Data Validation
Business Rule Validation
Common Exploits (SQL Injection, Cross-Site Scripting, HTTP Response Splitting,
etc.)
Implementing Secure Data Handling – Design and Coding

Cryptography Hashing
Secure Password Storage
Symmetric and Asymmetric Encryption
Digital Signatures
Certificates
Key Distribution
SSL and Digital Certificates
Implementing Cryptography – Design and Coding

Logging Logging Overview

Threats and Considerations
Implementing Logging – Design and Coding

Web Service Security Simple Object Access Protocol (SOAP)

SOAP Related Protocols
Security Assertion Markup Language (SAML)
WS-Security
REpresentational State Transfer (REST)
REST Related Protocols
JSON vs XML
Implementing Secure Web Services – Design and Coding

Secure Application
Development Software Development Life Cycle (SDLC)
Threat Modeling
Application Risk Levels
Risk Assessment
STRIDE and DREAD
Severity Level Classifications
Web Application Security Tools
Web Application Security Resources
API SECURITY
This course is designed to teach web application developers and architects how to build applications with
world-class security. QA engineers, IT security analysts, and IT risk managers can also benefit from this course.
Every major aspect of application programming interface security is covered, and each module includes both
design and coding advice.

Module 1: Managed APIs

Module 2: Security by Design

Module 3: HTTP Basic/Digest Authentication

Module 4: Mutual Athentication with TLS

Module 5: Identity Delegation

Module 6: OAuth 2.0

Module 7: OAuth 2.0 MAC Token Profile

Module 8: OAuth 2.0 Profiles

Module 10: User Managed Access

Module 11: Federation

Module 12: OpenID Connect

Module 13: JWT, JWS and JWE

Module 14: Patterns and Practices

Hardware and Software Project
No ratings yet
Hardware and Software Project
19 pages
Untitled
No ratings yet
Untitled
33 pages
Cloud Computing Basics - ACCENTURE
0% (2)
Cloud Computing Basics - ACCENTURE
2 pages
Authentication and Security
No ratings yet
Authentication and Security
2 pages
Power Platform Overview & Governance
No ratings yet
Power Platform Overview & Governance
20 pages
1Z0-061 Exam Dumps With PDF and VCE Download (1-15) PDF
100% (1)
1Z0-061 Exam Dumps With PDF and VCE Download (1-15) PDF
13 pages
Vmware Vcloud Director: Install, Configure, Manage V9.X
100% (1)
Vmware Vcloud Director: Install, Configure, Manage V9.X
2 pages
Vikash Sharma. Ip Project Class 12
64% (25)
Vikash Sharma. Ip Project Class 12
27 pages
Application Security
No ratings yet
Application Security
5 pages
Document 2
No ratings yet
Document 2
5 pages
ABBYY FlexiCapture
No ratings yet
ABBYY FlexiCapture
7 pages
PHP Session Management Security
100% (5)
PHP Session Management Security
28 pages
Certified Secure Web Application Engineer (CSWAE) Course Outline - Rev.2.1
No ratings yet
Certified Secure Web Application Engineer (CSWAE) Course Outline - Rev.2.1
4 pages
Ansible Mastery for IT Professionals
No ratings yet
Ansible Mastery for IT Professionals
3 pages
Ov 5
No ratings yet
Ov 5
52 pages
2.3 Presentation of Eyes of Network 2.3.1 Presentation of Eyes of Networks
No ratings yet
2.3 Presentation of Eyes of Network 2.3.1 Presentation of Eyes of Networks
29 pages
5992-2030EN Nemo Active Testing Application (NATA) DS
No ratings yet
5992-2030EN Nemo Active Testing Application (NATA) DS
5 pages
PHP Security Crash Course - 3 - CSRF
100% (3)
PHP Security Crash Course - 3 - CSRF
26 pages
Linux KVM Virtualization Training
No ratings yet
Linux KVM Virtualization Training
2 pages
PHP Security Crash Course - 2 - XSS
100% (4)
PHP Security Crash Course - 2 - XSS
58 pages
Office Management System Project Synopsis
No ratings yet
Office Management System Project Synopsis
4 pages
FastTrack To Red Hat Linux 7 System Administrator
No ratings yet
FastTrack To Red Hat Linux 7 System Administrator
3 pages
PHP Security Crash Course - 6 - PHP Code Inclusion / Evaluation
100% (3)
PHP Security Crash Course - 6 - PHP Code Inclusion / Evaluation
23 pages
Anoop Kumar: Node.js & PHP Developer Resume
No ratings yet
Anoop Kumar: Node.js & PHP Developer Resume
4 pages
Control-M Features & Architecture Guide
No ratings yet
Control-M Features & Architecture Guide
4 pages
SQL DDL and DML Commands Guide
No ratings yet
SQL DDL and DML Commands Guide
4 pages
MS Publisher
No ratings yet
MS Publisher
2 pages
Subversion: Audience: Duration: Subversion Introduction
No ratings yet
Subversion: Audience: Duration: Subversion Introduction
3 pages
Chapter 2
No ratings yet
Chapter 2
125 pages
OWASP Cheatsheets Book
100% (1)
OWASP Cheatsheets Book
315 pages
Harjai CV Template Information Security
No ratings yet
Harjai CV Template Information Security
1 page
Junior 9th Notes
No ratings yet
Junior 9th Notes
23 pages
C Ase: Certified Application Security Engineer
0% (1)
C Ase: Certified Application Security Engineer
14 pages
Chapter 2 Web Security
No ratings yet
Chapter 2 Web Security
62 pages
Salesforce Secure Coding Guide
No ratings yet
Salesforce Secure Coding Guide
90 pages
Elmasri and Navathe Fundamental of Database Systems 7th Edition
No ratings yet
Elmasri and Navathe Fundamental of Database Systems 7th Edition
2 pages
OWASP Web Application Security Testing Checklist
No ratings yet
OWASP Web Application Security Testing Checklist
5 pages
Web Security Testing Guide
No ratings yet
Web Security Testing Guide
17 pages
Blue Coat Vs Riverbed Wan Optimization PDF
No ratings yet
Blue Coat Vs Riverbed Wan Optimization PDF
40 pages
Oracle Redo Log Performance Issues and Solutions: Sun Hongda
No ratings yet
Oracle Redo Log Performance Issues and Solutions: Sun Hongda
8 pages
Oracle Redo Log Performance Issues and Solutions: Sun Hongda
No ratings yet
Oracle Redo Log Performance Issues and Solutions: Sun Hongda
8 pages
Metropolitan Community College Course Outline
No ratings yet
Metropolitan Community College Course Outline
6 pages
API Security
No ratings yet
API Security
1 page
Dreamweaver
No ratings yet
Dreamweaver
19 pages
PHP Security for Developers
100% (1)
PHP Security for Developers
13 pages
34P - S4HANA2021 - BPD - EN - Treasury Worstation Cash Intergration
No ratings yet
34P - S4HANA2021 - BPD - EN - Treasury Worstation Cash Intergration
17 pages
OSSEC HIDS Agent Installation: 1. Download The Latest Version and Verify Its Checksum
100% (1)
OSSEC HIDS Agent Installation: 1. Download The Latest Version and Verify Its Checksum
6 pages
OP2OL 2D00 Whitepaper 2D00 Feb 2D00 2021
No ratings yet
OP2OL 2D00 Whitepaper 2D00 Feb 2D00 2021
20 pages
OWASP Top 10 API Security Risks - 2023
No ratings yet
OWASP Top 10 API Security Risks - 2023
39 pages
Nadra Jobs 02
No ratings yet
Nadra Jobs 02
3 pages
API Security Testing
No ratings yet
API Security Testing
4 pages
Install Mod - Security
No ratings yet
Install Mod - Security
18 pages
3Dconnexion Software Update Guide
No ratings yet
3Dconnexion Software Update Guide
7 pages
OWASP Developer Guide - Draft
No ratings yet
OWASP Developer Guide - Draft
143 pages
Web Security With SSL
No ratings yet
Web Security With SSL
2 pages
Web Security With SSL
No ratings yet
Web Security With SSL
2 pages
Rest Assured Deck
No ratings yet
Rest Assured Deck
56 pages
To Display The Data in Excel Inplace From An ALV and in MS Word Editor With Office 2013/2016/2019
No ratings yet
To Display The Data in Excel Inplace From An ALV and in MS Word Editor With Office 2013/2016/2019
3 pages
Operating System Accenture
No ratings yet
Operating System Accenture
3 pages
4.3.2.3 Lab - Using Steganography
No ratings yet
4.3.2.3 Lab - Using Steganography
3 pages
OWASP Pentesting Checklist
No ratings yet
OWASP Pentesting Checklist
8 pages
Cross-Site Scripting PDF
No ratings yet
Cross-Site Scripting PDF
18 pages
Linux Fundamentals Commands For: Created By: Mangesh Abnave
No ratings yet
Linux Fundamentals Commands For: Created By: Mangesh Abnave
61 pages
Excel Pivot Tables for Sales Analysis
No ratings yet
Excel Pivot Tables for Sales Analysis
16 pages
Creating Tomorrow, Together: Centrality Whitepaper
No ratings yet
Creating Tomorrow, Together: Centrality Whitepaper
48 pages
Unit 10 Evaluation and Control of Data Processing
No ratings yet
Unit 10 Evaluation and Control of Data Processing
25 pages
Reflected XSS Attacks Explained
No ratings yet
Reflected XSS Attacks Explained
4 pages
Penetration Testing Web Application - Web Application (In) Security
No ratings yet
Penetration Testing Web Application - Web Application (In) Security
2 pages
4.1 Web Application Vulnerabilities - OWASP - ZSS
No ratings yet
4.1 Web Application Vulnerabilities - OWASP - ZSS
20 pages
AppWall 755 RN
No ratings yet
AppWall 755 RN
29 pages
07-Flash Security
No ratings yet
07-Flash Security
3 pages
Monitoring Apache Tomcat With JMX
No ratings yet
Monitoring Apache Tomcat With JMX
55 pages
Shell Scripting Basic
No ratings yet
Shell Scripting Basic
3 pages
SLE221 SLES12 For SAP Applications Course Description PDF
No ratings yet
SLE221 SLES12 For SAP Applications Course Description PDF
2 pages
Android Manifest
No ratings yet
Android Manifest
12 pages
DEMO-Nagios Certified Professional - Core
No ratings yet
DEMO-Nagios Certified Professional - Core
9 pages
Ola User Terms & Conditions
No ratings yet
Ola User Terms & Conditions
20 pages
S Oracle SuperCluster For System Administrators Ed 2
No ratings yet
S Oracle SuperCluster For System Administrators Ed 2
2 pages
Codegear Delphi For PHP 2.0 Reviewer'S Guide: The Rad Visual PHP Development Environment
No ratings yet
Codegear Delphi For PHP 2.0 Reviewer'S Guide: The Rad Visual PHP Development Environment
19 pages
Nama: Nurul Athirah Syamizah BT Shamsul Kamar Tingkatan: 5 Jauhari Title: The Latest Open Source Software Available and The Latest Development in ICT Date
No ratings yet
Nama: Nurul Athirah Syamizah BT Shamsul Kamar Tingkatan: 5 Jauhari Title: The Latest Open Source Software Available and The Latest Development in ICT Date
7 pages
Evermotion Archinteriors Vol 4 PDF
No ratings yet
Evermotion Archinteriors Vol 4 PDF
2 pages
S.N.B.P International School: Formative Assessment - 2
No ratings yet
S.N.B.P International School: Formative Assessment - 2
2 pages
SAP Query Tips for Non-Programmers
No ratings yet
SAP Query Tips for Non-Programmers
3 pages
Sécurité des Apps Web: Ateliers DVWA
0% (1)
Sécurité des Apps Web: Ateliers DVWA
32 pages
Database Connectivity Using Wamp Phpmyadin Mysql and Dream Weaver by Noor Zaman
No ratings yet
Database Connectivity Using Wamp Phpmyadin Mysql and Dream Weaver by Noor Zaman
52 pages
Software Quality Assurance
No ratings yet
Software Quality Assurance
24 pages
PHP Security
No ratings yet
PHP Security
89 pages
CSRF Presentation
No ratings yet
CSRF Presentation
10 pages
OWASP MASVS Spain Nov 17
No ratings yet
OWASP MASVS Spain Nov 17
47 pages
Web Application Audit Report: Demo Account
No ratings yet
Web Application Audit Report: Demo Account
12 pages
PHP Security CPanel
No ratings yet
PHP Security CPanel
5 pages
OWASP API Security Top 10 (2019)
No ratings yet
OWASP API Security Top 10 (2019)
31 pages
Appspider Pro: Getting Started Guide
No ratings yet
Appspider Pro: Getting Started Guide
12 pages
Implementatio N and Management of Apigee Edge
No ratings yet
Implementatio N and Management of Apigee Edge
5 pages
PHP Security Checklist
No ratings yet
PHP Security Checklist
18 pages
Tech Resume for Security Experts
No ratings yet
Tech Resume for Security Experts
3 pages
What Is WAF - Definition, Functions, and Types
No ratings yet
What Is WAF - Definition, Functions, and Types
6 pages
Activating SAML Sample in BA Server
No ratings yet
Activating SAML Sample in BA Server
7 pages
Alfresco Installation Steps
No ratings yet
Alfresco Installation Steps
5 pages
Corba Case Study
No ratings yet
Corba Case Study
7 pages
SSL Decryption Guide for Admins
No ratings yet
SSL Decryption Guide for Admins
11 pages
XSS Prevention Notes
No ratings yet
XSS Prevention Notes
5 pages
Mobile Application Security and Penetration Testing: Syllabus
No ratings yet
Mobile Application Security and Penetration Testing: Syllabus
14 pages
PHP Security, Part 2: John Coggeshall
No ratings yet
PHP Security, Part 2: John Coggeshall
5 pages
Security Vulnerability Checklist
No ratings yet
Security Vulnerability Checklist
3 pages
1.HTTP Basics
No ratings yet
1.HTTP Basics
39 pages
Secure Code Review Java
No ratings yet
Secure Code Review Java
83 pages
Apache Security Hardening Guide
No ratings yet
Apache Security Hardening Guide
22 pages
Secure Web Application Ch4
No ratings yet
Secure Web Application Ch4
82 pages
Osgi Basics PDF
No ratings yet
Osgi Basics PDF
28 pages
About Us - Hackveda Limited
No ratings yet
About Us - Hackveda Limited
2 pages
jQuery Quiz: Key Concepts and Methods
No ratings yet
jQuery Quiz: Key Concepts and Methods
30 pages