||Designed for a technical audience, these course addresses basic web application security for developers (appropriate for any level of experience or program language). They cover the top 10 web application risks, including SQL injection, other types of injection, cross site scripting, broken authentication and session management, insecure direct object references, etc. Discussion of each risk includes an overview, examples of situations that can result in the problem, a hands-on demonstration where students perform a simulated attack in a lab environment, remediation strategies, and implementation of the remediation strategies in the lab environment.
Please Read: Important Information Concerning the Responsible Use of Security Tools
During this training, the instructor will use various security tools and techniques to demonstrate how they can be used to reveal webserver vulnerabilities. Please read and understand the following two points before using any of these tools and/or techniques.
1. You must have permission from your Information Systems Security Officer, the NIH Security Program or other relevant authorized personnel prior to using security tools in any NIH environment.
2. The use of security tools/techniques is subject to NIH, HHS and other federal policy, laws and regulations.
3. Violations of Federal law and policy related to the unauthorized and inappropriate use of security tools/techniques will be investigated by the HHS Inspector General and can have serious personnel and/or criminal repercussions.