Introduction to Web Application Security
In this course, you will learn fundamental principles of securing web applications using PHP. As web applications have become more complex, threats due to cross-site scripting (XSS) and SQL injection attacks are increasingly problematic. Designing and testing your web applications to protect against these threats is essential.
Upon completion of this course, you will be able to:
- Identify common security flaws in web applications.
- Investigate and repair application security flaws.
- Encrypt passwords for safe storage.
- Build an application that handles output encoding to protect against XPath injection, SQL injections, and cross-site scripting.
- Securely authenticate and handle user sessions.
- Intercept and modify web requests to discover new issues.
From beginning to end, you will learn by doing your own PHP-based projects and submitting them for instructor feedback. These projects, as well as the final project, will add to your portfolio and provide needed experience to design secure web applications. Besides a browser and Internet connection, all software is provided online by the O’Reilly School of Technology.
Prerequisites: Introduction to PHP, or equivalent skills. This course is meant for the beginning or intermediate programmer.
Course Details and Syllabus
|Course:||Introduction to Web Application Security|
|Time Frame:||This course is online and self-paced. You can expect to work approximately 90 hours on this course.|
|Technical Requirements:||As long as you have a web browser and internet connection, you can take this course from anywhere in the world.|
|Software:||The Ellipse Learning Sandbox™ provided for you will contain all your lessons, projects, quizzes, account files, editors, and compiling tools necessary to build your skills from beginning to end, even beyond coursework. No other software is needed.|
|Instructor:||You will have one instructor throughout the course who will evaluate your projects and quizzes, hand them back for improvement when necessary, and coach you throughout your skills advancement.|
|Book:||All required course materials and software are included online within the Learning Sandbox™. However, after a week of being enrolled, you’ll receive the ebook Web Security Testing Cookbook as a reference resource from O’Reilly.|
|Certificates:||This course does not currently count towards a certificate.|
|Prerequisites:||Introduction to PHP, or equivalent experience. This course is meant for the beginning or intermediate programmer.|
|Topics:||Activities, views, navigation with data, drawables, lists, menus, saving data with an SQLite database, and threading, etc.|
|Syllabus:||Lesson 1: Getting Started
Lesson 2: Adding Basic Authentication
Lesson 3: Improving Authentication by Adding Session Management
Lesson 4: Handling a Form
Lesson 5: Client-Side Validation
Lesson 6: Input Validation: Server-Side, Whitelisting, and Blacklisting
Lesson 7: Input Validation: Types and Headers
Lesson 8: Output Encoding
Lesson 9: Making Authentication More Robust
Lesson 10: Making the Passwords Secret
Lesson 11: Direct Browsing
Lesson 12: SQL Injection
Lesson 13: Cross-Site Request Forgery
Lesson 14: Password Reset
Lesson 15: Information Disclosure