C)SWAE: Certified Secure Web Application Engineer
The Certified Secure Web Application Engineer (C)SWAE) course is delivered by high-level OWASP experts, and students can expect to obtain real-world security knowledge that enables them to recognize vulnerabilities, exploit system weaknesses and help safeguard against application threats. You will learn how to develop web applications that aren't subject to common vulnerabilities, and how to test and validate that your applications are secure, reliable and resistant to attack.
Description
Overview
Secure Web Application Engineers work to design information systems that are secure on the web. Organizations and governments fall victim to internet-based attacks every day. In many cases, web attacks could be thwarted, but hackers, organized criminal gangs, and foreign agents are able to exploit weaknesses in web applications. The Secure Web programmer knows how to identify, mitigate and defend against all attacks through designing and building systems that are resistant to failure. With this course you will learn how to develop web applications that aren't subject to common vulnerabilities, and how to test and validate that your applications are secure, reliable and resistant to attack.
The vendor-neutral Certified Secure Web Application Engineer certification provides the developer with a thorough and broad understanding of secure application concepts, principles and standards. The student will be able to design, develop and test web applications that will provide reliable web services that meet functional business requirements and satisfy compliance and assurance needs.
Course Objectives
Upon completion, Certified Secure Web Application Engineer students will be able to establish industry-acceptable auditing standards with current best practices and policies. Students will also be prepared to competently take the C)SWAE exam.
Who Should Attend
- Pen Testers
- Security Officers
- Ethical Hackers
- Network Auditors
- Vulnerability Assessors
- System Owners and Managers
- Cyber Security Engineers
Course Outline
Module 01: Web Application Security
Module 02: Secure SDLC
Module 03: OWASP Top 10
Module 04: Risk Management
Module 05: Threat Modeling
Module 06: Authentication and Authorization Attacks
Module 07: Session Management
Module 08: Security Architecture
Module 09: Data Validation
Module 10: AJAX Security
Module 11: Insecurity Code Review and Mitigation
Module 12: Application Mapping Analysis
Module 13: Cryptography
Module 14: Web Application Penetration Testing
Detailed Labs Outline
Lab 01: Environment Setup and Architecture
Lab 02: OWASP TOP 10 2013
Lab 03: Threat Modeling
Lab 04: Application Mapping & Analysis
Lab 05: Authentication and Authorization Attacks
Lab 06: Session Management Attacks
Lab 07: AJAX Security
Lab 08: Code Review and Security Testing
Lab 09: Alternatives Labs
Prerequisites
- Sound knowledge of networking
- At least one coding language
- Linux understanding
- Open shell
OR
- 24 months experience in software technologies and security