Web application security (WAPT Training) is a branch of information security that deals specifically with the security of websites, web applications and web services. At a high level, web application security draws on the principles of application security but applies them specifically to Internet and Web systems. Typically, web applications are developed using programming languages such as PHP, Java EE, Java, Python, Ruby, ASP.NET, C#, VB.NET or Classic ASP. In the race to develop online services, web applications have been developed and deployed with minimal attention given to security risks, resulting in a surprising number of corporate sites that are vulnerable to hackers. Prominent sites from a number of regulated industries, including financial services, government, healthcare and retail, are probed daily. Some banks have reported being probed as many as 50 times a day. The consequences of a security breach are great: loss of revenues, damage to credibility, legal liability and loss of customer trust.
Web applications are used to perform most major tasks or website functions. They include forms that collect personal, classified and confidential information such as medical history, credit and bank account information as well as user satisfaction feedback. Gartner has noted that almost 75 percent of attacks are tunneling through web applications. Web application security is a significant privacy and risk compliance concern that remains largely unaddressed.
This course covers the basic concepts and terminology for understanding application security issues. It provides a definition of application-level security and demonstrates how its concerns extend beyond those of traditional infrastructure security. The course explains common application security vulnerabilities, such as SQL injection, Cross-Site Scripting (XSS) and authorization issues. Using this knowledge, developers, QA testers and security personnel will be able to address application-level threats.