Web Security Foundations
Curriculum: Web and Mobile Applications
Delivery methods: On-Site, Virtual
Duration: 4 days
In this advanced hands-on course, students will learn to enhance security on Web Servers. Students will experience different types of vulnerabilities and the technologies necessary to minimize Web Server exposure. Topics such as Cryptography, Digital Certificates, Public Key Infrastructure (PKI), Service and Application Security, Spyware/Malware, Network Monitoring, and basic Firewall/Proxy Server configuration will be discussed and practiced.
Who should attend
This course will benefit security administrators, system administrators, network administrators, Web developers, and managers who need to understand how security affects the Web Server platforms on corporate networks.
Prerequisites
- Experience with Windows, UNIX, or Linux Operating System Management
- Experience with Internet Information Server or Apache
- Ability to read/write basic HTML
Course outline
- Areas of Security: OS, Services, Local and Network Applications, Networking Protocols
- Workshop: How Good Is Security Out-of-the-Box? Testing with Nessus and NMAP
- Cryptography Primer: Symmetric, Asymmetric, and Hashing Algorithms
- Digital Certificates and Public Key Infrastructure
- Workshop: Digital Signing and Encryption Workshop
- Internet Information Server
- Apache Web Server
- Workshop: Installing Internet Information Server or Apache
- Testing Web Server Security
- Configure Access Logging
- Workshop: How Good Is Security Out-of-the-Box? Testing with Nessus and NMAP
- System Services: Mapping to Executables/Processes/Port Usage
- Workshop: Removing Non-Essential Services
- Authentication between the Web Server and Operating System
- Web Server to File System Security
- Workshop: Establishing Web Server to Operating System Security
- Monitoring Your Network
- Common Port Usage and Application Identification
- Workshop: Network Monitoring with Ethereal
- Defending a Web Server with a Firewall
- Demonstration: Configuration of a Firewall to Defend a Web Server
- Defending a Web Server with a Proxy Server
- Workshop: Configure a Software Proxy Server for Defense
- Monitoring Application Access
- Workshop: Viewing All Files Used by Applications
- Web Browser (Internet Explorer, Netscape and Firefox) Security
- Active Components Presented through Web Browsers
- Workshop: Defining and Controlling Web Browser Configuration
- Malware/Spyware
- Workshop: Detecting and Removing Malware/Spyware
- Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
- Certificate Authorities (CA) and Public Key Infrastructure (PKI)
- Using SSL/TLS on a Web Server
- Workshop: Requesting a Digital Certificate from a CA and Enabling SSL/TLS
- Distributing Trust in an Enterprise
- Installing a Certificate Authority
- Workshop: Install a Root Certificate Authority and Issue Certificates
- Understanding Technologies for Server-Side Processing
- Examining Risks of CGI, ASP, Server-Side Includes, and Other Server-Side Scripting
- Workshop: Implement Server-Side Scripts
- Techniques for Secure Web Coding
- Running Active Components on Web Servers
- Connecting Databases to Web Servers
- Workshop: Establish a Connection from a Web Server to a Back-End Database
- Review of Key Concepts
- Workshop: Audit and Secure a Web Server