SeQure Technologies, Inc.
Security Training

Testing Web Applications with Rational AppScan
March 21-23, 2012

This training is designed to provide participants with the skills necessary to deploy secure web applications. In addition to teaching the basics about web security and vulnerabilities, this course digs deep into best processes and practices for using the IBM Rational AppScan tool to test, analyze, and evaluate the security and effectiveness of defenses associated with your web applications.

Throughout this course, participants thoroughly examine best practices for defensively coding web applications, including the use of AppScan to test and analyze new or existing web applications. Students will repeatedly attack and test vulnerable and defended assets associated with fully-functional web applications. The course also goes into the advanced features and capabilities of AppScan, showing what they are and how to effectively use them.

Course Outline:

  1. Application Security Foundation

    • Security Concepts
    • Terminology and Players
    • Assets, Threats, and Attacks
    • OWASP
    • Defensive Coding Principles
    • Security is a Lifecycle Issue
    • Minimize Attack Surface
    • Manage Resources
    • Application States
    • Compartmentalize
    • Defense In Depth - Layered Defense
    • Consider All Application States
    • Not Trusting the Untrusted
    • Security Defect Mitigation
    • Leverage Experience
    • Recent, Relevant Incidents
    • Find Security Defects in Web Applications

  2. Web Application Vulnerabilities

    • Injection
    • Cross-Site Scripting (XSS)
    • Broken Authentication and Session Management
    • Insecure Direct Object References
    • Cross-Site Request Forgery (CSRF)
    • Security Misconfiguration
    • Insecure Cryptographic Storage
    • Failure to Restrict URL Access
    • Insufficient Transport Layer Protection
    • Unvalidated Redirects and Forwards

  3. Working with AppScan

    • AppScan Overview
    • What AppScan targets
    • How AppScan works
    • AppScan Architecture
    • Configuring AppScan
    • Preparing targeted web application
    • Performing basic scans
    • What is targeted
    • Initiating scanning
    • AppScan Results
    • What AppScan generates
    • Interpreting scanning results
    • Application Coverage
    • Understanding application coverage
    • Increasing application coverage
    • Sessions
    • Authentication
    • Authorization
    • Compliance Analysis and Standards

  4. Best Practices
    • Defensive Coding Principles Revisited
    • AppScan usage patterns
    • What AppScan does not cover
    • Integrating AppScan into larger security context
    • Effectively managing AppScan analysis options

"Courses are updated with the current trends and technologies in information security which will be presented in our fully equipped training laboratory"

Training Details:

  • Duration: 3 days

  • Schedule: March 21-23, 2012

  • Time: 9:00 am to 5:00 pm

  • Venue: CheQ Labs, 1708 88 Corporate Center, 141 Sedeno St. corner Valero St., Salcedo Village,
    Makati City Philippines 1227


  • Course Fee: Php 36,000.00 (Exclusive of 12% VAT) Course fee is inclusive of handouts, certificate, snacks and lunch. Please make all checks payable to SeQure Technologies, Inc.

  • For more details, please call Malou Chan at 888-24-37 ext 102 or email inquiry@sequretech.com. Cancellation of registration should be made seven working days before the training date. Otherwise, 50% of the training fee shall be charged. No-shows during the training shall be charged 100% of the training fee.
