College of Information and Communication Technologies

University of Dar Es Salaam

Short courses

Advanced Web Security

  • Date: - -
  • Venue: Gold Crest Hotel, Mwanza
  • Cost: TZS 1,950,000
  • Contact: 0715677873 | oscar.mashauri@udsm.ac.tz

Web application security concentrates on the secure development of web-based systems, testing against the most common attacks using specialized penetration tools, configuring a secure environment for system installation, authenticating and authorizing users of the system, and transferring data securely by encrypting and decrypting communication between endpoints. The course is intended for website and systems developers and for systems and IT security analysts.

Hackers target poorly developed web applications, loopholes in website applications, and vulnerable or misconfigured web applications. You won't know if your application is secure until you understand security principles and learn how to find vulnerabilities, develop systems securely, develop and test the application, and defend against attacks.

Security

  • Overview
  • Understanding principles

Protecting against Top 10 Attacks

  • Injection
  • Broken Authentication
  • Sensitive data exposure
  • XML External Entities (XXE)
  • Broken Access control
  • Security misconfigurations
  • Cross Site Scripting (XSS)
  • Insecure Deserialization
  • Using Components with known vulnerabilities
  • Insufficient logging and monitoring

Web penetration Testing

  • Working with scanning tools
  • Searching for Vulnerabilities
  • Content Management System (CMS) attacking
  • Attacking Dynamic and Static Websites

Develop Secure Web Applications

  • Secure coding overview
  • Input Validation
  • Accessing Database securely
  • PHP Framework and CMS Overview
  • Content Management System (CMS) Security
  • Encryption and Authentication

Same-origin Policies

  • Content Security Policy
  • Cross-Origin Resource Sharing (CORS)
  • Communicate securely
  • Cookies

Web Servers security

  • Apache, Nginx, and IIS Overview
  • Known vulnerabilities
  • Secure configuration
  • SSL/TLS installation
  • Logging and Monitoring
