Web Security Training : Tonex Training

WEB SECURITY
https://www.tonex.com/training-courses/web-security/
C Y B E R S E C U R I T Y F O U N D A T I O N
WEB SECURITY TRAINING & COURSES

Web Security Training
The web security training helps you to learn the advanced web
browsing vulnerabilities from system penetration to identity theft as
well as protection solutions to ensure the web security.
TONEX as a leader in security industry for more than 15 years is now
announcing the web security training which helps you to secure the
communication between a client and server as well as integrity of
data in web.
TONEX has served the industry and academia with high quality
conferences, seminars, workshops, and exclusively designed courses
in system engineering area and is pleased to inform professional
fellows about the recent comprehensive training on web security.
This course covers variety of topics in web security and computer
network security areas such as: HTTP protocol, cryptography in web,
SSL protocol, different kinds of web attacks, browser security issues,
cookies, web bugs and spywares. Moreover, you will learn about the
windows system security, Linux/UNIX system security, common web
servers such as Apache and IIS, access control in web, web firewalls,
computer network and a lot of hands on experience and trainings for
web security applications.

By taking the web security training by TONEX, you will learn about
main features of HTTP protocol, header fields in HTTP, URL encoding
and HTTP security issues as the most basic knowledge needed for
web security.
Learn about the encryption and decryption in web, secret codes,
public/private key cryptography, digital signatures, and hash
algorithms in web security training.
Learn the principles of secure socket layer (SSL), SSL architecture, and
different protocols offered by SSL such as: handshake protocol, record
protocol, alert protocol and change cipher spec protocol.
By taking this course you will also be introduced to the most common
types of web attacks such as: SQL injection, HTML codes, and web
page hijacking. Moreover, you will be trained to identify the browser
attacks and prepare for the proper browser security principles such as
URL filtering, cookie blocking or endpoint protection methods.

If you are an IT professional who specialize in web security, you will
benefit the presentations, examples, case studies, discussions, and
individual activities upon the completion of the web security training
and will prepare yourself for your career.
Learn about the security of windows systems, access tokens, user SID,
access checking and windows permissions. Moreover, you will be
introduced to the UNIX/Linux server security, different types of
attacks to the servers such as DNS amplifications, heart-bleed
vulnerability or user account compromising.
You will also learn about web servers such as: Apache and IIS, various
access controls in web with their control threats and categories,
packet filtering, web firewall, security RSA, TCP, wireless multi-hop
networks, computer network layers and routing loops.
Finally, the web security training will introduce a set of labs,
workshops and group activities of real world case studies in order to
prepare you to tackle all the related web security challenges.

Audience
The web security training is a 2-day course designed for:
• IT professionals of information security and web security area.
• Executives and managers of cyber security and web security area
• Information technology professionals, web engineers, security
analysts, policy analysts
• Security operation personnel, network administrators, system
integrators and security consultants
• Security traders to understand the software security of web
system, mobile devices, or other devices.
• Investors and contractors who plan to make investments in
system engineering industry.
• Technicians, operators, and maintenance personnel who are or
will be working on cyber security projects
• Managers, accountants, and executives of cyber security industry.

Training Objectives
Upon completion of the web security training course, the attendees
are able to:
• Understand the information security related to World Wide Web.
• Understand the security issues of web application servers.
• Explain the main concepts of web attacks and web vulnerabilities
such as malicious emails, web scripts, web bugs and spywares.
• Explore deeply into security issues and develop solutions.
• Investigate secure communication between client and server by
encrypting data streams such as SSL.
• Explore the browser vulnerabilities and protection of the system
against web vulnerabilities.

Training Outline
The web security training course consists of the following lessons,
which can be revised and tailored to the client’s need:
• Overview of Information Security
• HTTP Protocol
• Basic Cryptography
• The SSL Protocol
• Web Attacks
• Browser Security
• Cookies, Web Bugs and Spyware
• Windows Systems Security
• UNIX/Linux Server Security
• Apache and IIS Web Servers
• Various Access Controls
• Packet Filtering and Web Firewall
• Introduction to Computer Networks
• Hands On, Workshops and, Group Activities
• Sample Workshops and Labs for Web Security Training

Overview of Information Security
• History of Information Security
• Multiplexed Information and Computing Service (MULTICS)
• Definition of Security
• Key Information Security concepts
• Critical Characteristics of Information
• Standards for Information Systems Security
• Components of an Information System
• Balancing Information Security and Access
• Approaches to Information Security Implementation
• The System Development Life Cycle
• Security Professionals and Organization
• Communities of Interest
• Information Security; Art of Science?

HTTP Protocol
• Overview of Hypertext Transfer Protocol (HTTP)
• Basic Features of HTTP
• Architecture of HTTP
• HTTP Version
• Parameters of HTTP
• Messages in HTTP
• Requests in HTTP
• Responses in HTTP
• HTTP Methods
• HTTP Status Codes
• HTTP Headers Field
• HTTP Cashing
• URL Encoding
• HTTP Security

Basic Cryptography:
• Cryptography Introduction
• Encryption
• Cipher Text
• Decryption
• Plaintext
• Computational Difficulty in Cryptography
• Secret Codes
• Breaking an Encryption Scheme
• Types of Cryptographic Functions
• Secret Key Cryptography
• Public Key Cryptography
• Digital Signatures
• Digital Certificates
• Hash Algorithms

The SSL Protocol
• Secure Socket Layer (SSL) Definition
• SSL Architecture
• SSL Handshake Protocol
• SSL Record Protocol
• SSL Alert Protocol
• SSL Change Cipher Spec Protocol
• SSL Sessions and Connections

Web Attacks
• Infected Web
• Complexity of Modern Web
• SQL Injection Attacks
• Malicious Advertisement
• Cross-site Scripting (XSS)
• Phishing
• Malicious HTML Code
• Software Vulnerabilities
• Web Attack Toolkits
• Obfuscation of the Actual Attacks
• Hijacking Web Pages
• Fake Codec
• Malicious Peer-to-peer Files
• Fake Scanner Web Page
• Blog Spam
Web Attacks

Browser Security
• How does a Web Browser Work?
• Why Browser Security?
• Types of Browser Threats
• Buffer Overflow
• Root Exploit
• Phishing & Cookies
• Document Object Model
• Cross-Site Scripting
• Cache History Attacks
• Security versus Usability
• Features of a Secure Browser
• Security Implementations and Browsers
• Blocking Third Party Cookies
• Same-Origin Policy
• Security Compartmentalization
• Update control
• Plug-in and Extension Control
• Prevention of Malicious Scripts
• Content Inspection, URL Filtering
• Endpoint Protection, Web Server Protection

Cookies, Web Bugs and Spyware
• Overview of Spyware
• Online Attackers
• Spying by a Trusted Insider
• Data Gathered by Spyware
• Operation of Spyware
• Impact of Spyware
• Common Types of Spyware
• Browser Session Hijacking
• Browser Helper Objects
• Cookies and Web Bugs
• Autonomous Spyware
• Spyware Security Tips
• Introduction to Cookies
• ASCI Strings
• Session & Persistent Cookies
• Version 0 Cookies & Version 1 Cookies
• Cookie Privacy Risks
• Security Risks Related to Cookies
• Session Hijacking
• Definition & effect of Web Bugs on server
• Email Web Bugs & Wiretapping

Windows Systems Security
• Introduction to Windows Security
• Windows Protection System
• Protection State
• Enforcement Mechanism
• Transitions
• Windows Subjects
• Access Tokens
• User SID
• Windows Services-Domains
• User Authentication
• Windows Objects
• Active Directory
• Windows Permissions
• Access Checking
• Access Control Entries
• Access Checking with ACE
• Windows Vs Linux

UNIX/Linux Server Security
• Operating System (OS) Management
• Common Vulnerabilities
• Compromising User Accounts
• DNS Amplification Attacks
• NTP Reflection Attacks
• Heartbleed Vulnerability
• Secure Remote Access Protocol (SSH vs Telnet)
• Secure File Transfer Protocols (SCP/SFTP vs FTP)
• Secure Protocols for Accessing Web Servers (HTTP vs HTTPS)
• Remote File Systems
• Iptables
• TCP Wrapper
• SELinux
• UMAK
• SUID and SGID
• Cron
• Syslog
• Patches

Apache and IIS Web Servers
• Introduction to Web Servers
• Uniform Resource Identifier (URI)
• HTTPS Request Types
• System Architecture
• Client-Slide Scripting Versus Server-Slide Scripting
• Accessing Web Servers
• Microsoft Internet Information Services (IIS)
• Apache Web Server
• Requesting Documents
• XHTML
• NET
• Perl
• PHP
• Python
• Web Resources

Various Access Controls
• Definitions and Key Concepts
• Access Control Categories and Types
• Access Control Threats
• Access to the System
• Access to Data
• Intrusion Prevention and Detection System
• Access Control Assurance
Packet Filtering and Web Firewall
• Basic Packet Filtering
• Stateful Packet Filtering
• Matching Algorithms
• Common Configuration Errors
• Direction Based Filtering
• Advanced Firewall Management
• Firewall Analysis

Introduction to Computer Networks
• Internet, HTTP, DNS, P2P
• Socket, Ports
• Congestion Control, Flow Control, TCP
• Routing, Basic Graphs, IP
• DSL Versus Cable, Aloha, CSMA, TDMA, Token, 802.11
• Security RSA
• Cellular Networks, Mobile Networks, Satellite Networks
• Wireless Multi-hop Networks
• Internetwork
• Layers
• Data Rate, Throughput and Bandwidth
• Packets
• Datagram Forwarding
• Topology
• Routing Loops
• LAN and Ethernet
• DNS
• IP
• Firewall
• IETF and OSI
• Epilog

Hands On, Workshops and, Group Activities
• Labs
• Workshops
• Group Activities
Sample Workshops and Labs for Web Security Training
• Tutorial and Hands-on for different possible web attacks
• IP Hijacking Case Study
• Eavesdropping HTTP passwords Case Study
• Command Line Injection Attack Experiment
• Using SQL Injection Vulnerabilities to Gain Access to Website
• Using the Stolen Cookie for Identity Attack
• ModSecurity Application to Detect Threats

WEB SECURITY
C Y B E R S E C U R I T Y F O U N D A T I O N
WEB SECURITY TRAINING & COURSES
VISIT TONEX.COM

• Tonex has been documenting the cybercrime evolution for 25 years
when it first began training organizations on how to better deflect
contemporary cyberattack.
• Our Cybersecurity training courses and seminars are continuously
updated so that they reflect the latest industry trends, and they are
also created by specialists in the industry who are familiar with the
market climate.
• So far we have helped over 20,000 developers in over 50 countries
stay up to date with cutting edge information from our training
categories.
• We’re Different because we take into account your workforce’s
special learning requirements. In other words, we personalize our
training – Tonex has never been and will never be a “one size fits all”
learning program.
• Ratings tabulated from student feedback post-course evaluations
show an amazing 98 percent satisfaction score.
Contact Tonex for more information, questions, comments.
Why Tonex?

Web Security Training : Tonex Training

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Web Security Training : Tonex Training

Similar to Web Security Training : Tonex Training (20)

More from Bryan Len

More from Bryan Len (20)

Recently uploaded

Recently uploaded (20)

Web Security Training : Tonex Training