Learn More about the Building Secure Ajax and Web 2.0 Applications Class

From OWASP
Revision as of 15:58, 16 July 2010 by KateHartmann (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Ajax and Web 2.0

This two-day class will cover common Web 2.0 and AJAX security threats and vulnerabilities and it will provide specific guidance on how to develop Web 2.0 applications to defend against these threats and vulnerabilities. Training developers on secure coding practices offers one of highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect’s Building Secure Ajax and Web 2.0 Applications Course is designed to enable developers to security utilize Web 2.0 technologies in their web applications without introducing security issues. The course provides detailed examples of ‘what to do’ and ‘what not to do.' The class is lead by an experienced developer and is delivered in a very interactive manner. This course is intended to build on one of Aspect’s foundational secure coding courses. The course will use demonstrations, code examples, and spot-the-bug exercises to get developers engaged in the topic. Developers will leave with an understanding of how Ajax attacks work, the impacts of successful attacks, and what to do to defend against them.

Audience

The intended audience for this course is: Application developers

Software/System Architects

System Engineers

Security Engineers

Learning Objectives

At the highest level, the objective for this course is to ensure that developers are capable of designing, building, and testing secure Web 2.0/Ajax-enabled applications and understand why this is important.

Topic and Learning Objective

Principles - Students should be able to apply the principles while Ajax enabling applications to prevent vulnerabilities from being introduced

Architecture - Students should be able to identify the key security concerns in designing an Web 2.0 / Ajax application architecture and evaluate solutions

Authentication - Students should know the key issues in building an Web 2.0 / Ajax application that authenticates users and manages their sessions without compromising their credentials

Access Control - Students should know the key issues in building an Web 2.0 / Ajax application that prevents unauthorized access to services, business logic, and data

Validation - Students should know the key issues in building an Web 2.0 / Ajax application that prevents injection and other attacks relying on malformed input

Data Protection - Students should know the key issues in building an Web 2.0 / Ajax application that properly protects data stored in the browser