Home   Web Security Training

Web Security Training

Introduction Web Security
Is your website secure? What are the security risks for web applications? How do you design for web security? What are the top ten security vulnerabilities and how do you mitigate them? If you need answers to these questions, this course provides the starting point.

This course presents the foundational principles of information and web security in the context of the systems development and security life cycle process. The focus is on both managerial as well as technical aspects. This course covers security principles; security needs, threats, and attacks; legal, ethical and professional issues; security technology including firewalls, VPNs, intrusion detection, access control; cryptography; physical security; security implementation; security maintenance and change management. The course is platform independent and supports the CISSP certification.

Course Objectives: at the completion of this course, you will:

Understand security concepts, security professional roles, and security resources in the context of systems and security development life cycle
Understand applicable laws, legal issues and ethical issues regarding computer crime
Understand the business need for security, threats, attacks, top ten security vulnerabilities, and secure software development
Understand risk management concepts, risk identification and assessment, risk control strategies, quantitative and qualitative risk control practices, risk management and risk control practices
Understand information security policies, standards and practices, the information security blueprint
Understand the use of firewall and VPN technologies in physical design
Understand the use of intrusion detection, access control and other security tools in physical design
Understand cryptography concepts, algorithms, and digital signatures used to protect information
Understand the concepts and techniques for establishing physical security
Understand how to implement and execute the information security blueprint
Understand the information security function within the organization, HR and staffing issues, security credentials, and privacy
Understand security maintenance issues, the use of security management models, and the use of digital forensics

Applicable Job Roles: web project manager, web programmers, and web application developers.

Outline

 Week 1: Elements of Information and Web Security, Legal, Ethical, and Professional Issues in Information Security

  • Security and its history
  • NSTISSC Security Model
  • Information system components
  • Balancing security with access
  • Security implementation
  • System and Security Development Life Cycles
  • Law and Ethics
  • Relevant U.S. laws
  • International laws
  • Ethics and Codes of Ethics

 Title here

  • Business needs
  • Threats
  • Attacks
  • Top ten security vulnerabilities
  • Secure software development

 Week 3: Risk Management

  • Risk management overview
  • Risk identification
  • Quantitative and qualitative risk control
  • Risk management
  • Risk control practice
  • Risk assessment
  • Risk control strategies and selection

 Week 4: Security Planning

  • Security policy, standards and practices
  • Information security blueprint
  • Security education, training and awareness
  • Continuity strategies

 Week 5: Security Technology: Firewalls and VPN, and Intrusion Detection and Access Control

  • Physical design
  • Firewalls
  • Protecting remote connections
  • Intrusion detection and prevention systems
  • Honey pots, honey nets and padded cell systems
  • Scanning and analysis tools, access control devices

 Week 6: Cryptography

  • Cryptography Foundations
  • Cipher methods
  • Cryptographic algorithms
  • Cryptographic tools
  • Protocols for secure communications
  • Attacks on cryptosystems

 Week 7: Physical Security and Implementing Information Security

  • Physical access controls
  • Fire security and safety
  • Supporting utility failure and structural collapse
  • Data interception
  • Mobile and portable systems
  • Special considerations for physical security threats
  • Project management
  • Technical implementation topics
  • Nontechnical implementation topics
  • Certification and accreditation

     Week 8: Security and Personnel, and Information Security Maintenance

    • Positioning and staffing
    • Information security professional credentials
    • Employment policies and practices
    • Security for nonemployees
    • Internal control strategies
    • Privacy and security of personnel data
    • Security management models
    • Maintenance model
    • Digital forensics