
Certified Secure Web Application Engineer C)SWAE (owasp)

Overall rating: 4 out of 5 based on 3 reviews.

Organizations and governments fall victim to internet-based attacks every day. In many cases, web attacks could be thwarted, but hackers, organized criminal gangs, and foreign agents are able to exploit weaknesses in web applications. The Secure Web programmer knows how to identify, mitigate and defend against all attacks through designing and building systems that are resistant to failure. The secure web application developer knows how to develop web applications that aren't subject to common vulnerabilities, and how to test and validate that their applications are secure, reliable and resistant to attack. The vendor-neutral Certified Secure Web Application Engineer certification provides the developer with a thorough and broad understanding of secure application concepts, principles and standards. The student will be able to design, develop and test web applications that will provide reliable web services that meet functional business requirements and satisfy compliance and assurance needs. The Certified Secure Web Application Engineer course is delivered by high-level OWASP experts, and students can expect to obtain real-world security knowledge that enables them to recognize vulnerabilities, exploit system weaknesses and help safeguard against application threats.

What will you learn?

Upon completion, Certified Secure Web Application Engineer students will be able to establish industry-acceptable auditing standards with current best practices and policies.

Students will also be prepared to competently take the C)SWAE exam.

Training format

3,200.00

(excl. VAT)

Training duration

5 days

Completion

Certificate of participation

Start date

04 January 2021

Location

Startel (Drachten)

What prior knowledge do you need?

  • A minimum of 24 months' experience in software technologies & security
  • Sound knowledge of networking
  • At least one coding language
  • Linux understanding
  • Open shell

Can't figure it out?

Contact our customer service for study advice or a tailored training.

 

Training dates

Start date        Training format   Location             Duration    Price
04 January 2021   Virtual           Virtual              5 days      2,995.00
04 January 2021   Classroom         Startel (Drachten)   5 days      3,200.00
22 March 2021     Virtual           Virtual              5 days      2,995.00
22 March 2021     Classroom         Startel (Drachten)   5 days      3,200.00
31 May 2021       Virtual           Virtual              5 days      2,995.00
31 May 2021       Classroom         Startel (Drachten)   5 days      3,200.00
09 August 2021    Classroom         Startel (Drachten)   5 days      3,200.00
09 August 2021    Virtual           Virtual              5 days      2,995.00
-                 E-Learning        -                    365 days    1,245.00
-                 In company        -                    -           -

Why Startel?

  • Personal approach
  • Experienced trainers
  • Tailored offering
  • Classroom and e-learning options

The programme

Module 1: Web Application Security


  • Web Application Security
  • Web Application Technologies and Architecture
  • Secure Design Architecture
  • Application Flaws and Defense Mechanisms
  • Defense In-Depth
  • Secure Coding Principles


Module 2: OWASP TOP 10


  • The Open Web Application Security Project (OWASP)
  • OWASP TOP 10 for 2017 & 2018


Module 3: Threat Modeling & Risk Management


  • Threat Modeling Tools & Resources
  • Identify Threats
  • Identify Countermeasures
  • Choosing a Methodology
  • Post Threat Modeling
  • Analyzing and Managing Risk
  • Incremental Threat Modeling
  • Identify Security Requirements
  • Understand the System
  • Root Cause Analysis


Module 4: Application Mapping


  • Application Mapping
  • Web Spiders
  • Web Vulnerability Assessment
  • Discovering other content
  • Application Analysis
  • Application Security Toolbox
  • Setting up a Testing Environment


Module 5: Authentication and Authorization attacks


  • Authentication
  • Different Types of Authentication (HTTP, Form)
  • Client Side Attacks
  • Authentication Attacks
  • Authorization
  • Modeling Authorization
  • Least Privilege
  • Access Control
  • Authorization Attacks
  • Access Control Attacks
  • User Management
  • Password Storage
  • User Names
  • Account Lockout
  • Passwords
  • Password Reset
  • Client-Side Security
  • Anti-Tampering Measures
  • Code Obfuscation
  • Anti-Debugging


 


Module 6: Session Management attacks


  • Session Management Attacks
  • Session Hijacking
  • Session Fixation
  • Environment Configuration Attacks


Module 7: Application Logic attacks


  • Application Logic Attacks
  • Information Disclosure Exploits
  • Data Transmission Attacks


Module 8: Data Validation


  • Input and Output Validation
  • Trust Boundaries
  • Common Data Validation Attacks
  • Data Validation Design
  • Validating Non-Textual Data
  • Validation Strategies & Tactics
  • Errors & Exception Handling

    • Structured Exception Handling
    • Designing for Failure
    • Designing Error Messages
    • Failing Securely


Module 9: AJAX attacks


  • AJAX Attacks
  • Web Services Attacks
  • Application Server Attacks


Module 10: Code Review and Security Testing


  • Insecure Code Discovery and Mitigation
  • Testing Methodology
  • Client Side Testing
  • Session Management Testing
  • Developing Security Testing Scripts
  • Pentesting a Web Application


Module 11: Web Application Penetration Testing


  • Insecure Code Discovery and Mitigation
  • Benefits of a Penetration Test
  • Current Problems in WAPT
  • Learning Attack Methods
  • Methods of Obtaining Information
  • Passive vs. Active Reconnaissance
  • Footprinting Defined
  • Introduction to Port Scanning
  • OS Fingerprinting
  • Web Application Penetration Methodologies
  • The Anatomy of a Web Application Attack
  • Fuzzers


Module 12: Secure SDLC


  • Secure-Software Development Lifecycle (SDLC)
  • Methodology
  • Web Hacking Methodology


Module 13: Cryptography


  • Overview of Cryptography
  • Key Management
  • Cryptography Application
  • True Random Generators (TRNG)
  • Symmetric/Asymmetric Cryptography
  • Digital Signatures and Certificates
  • Hashing Algorithms
  • XML Encryption and Digital Signatures Authorization Attacks


NOTE: Students will use Kali Linux

How do we make it personal?

At Startel, personal really means personal. To deliver the best-fitting training, we start with the most important ingredient: you.

  1. We always start with an intake to get to know you.
  2. We adapt the training to your ambition and goals.
  3. We also look at your personal situation to make the course material as practical as possible.

What do you get?

E-learning

The self-study package consists of:

  1. C)SWAE Online Video
  2. C)SWAE Electronic Book (Workbook/Lab guide) 
  3. C)SWAE Exam Prep Questions
  4. C)SWAE Exam
  5. C)SWAE Cyber Range Lab access for 2 weeks (must request access from mile2 when you are ready to begin)

What do others say?

★★★★☆
knowledgeable instructor

★★★★☆
knowledgeable instructor

★★★★☆
