Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Operating an Internet web site is a necessity in today’s eBusiness environment; however, web applications bring many significant CyberSecurity risks with them. Increasingly demanding regulatory requirements, litigation, and intensified attacks on Web-based applications, on top of traditional information asset protection, have significantly raised the stakes for secure application design, testing, certification/accreditation, and audit. Additionally, applications have become more complex and are frequently rushed to market by inadequately trained commercial product and in-house developers, increasing both the business risk and the challenge of applying and verifying reliable CyberSecurity safeguards.

In this information-packed workshop, we will cover key building blocks and significant risks, and systematically sort through the available CyberSecurity safeguards in today’s complex Web-enabled, multi-tiered applications.

Learning Objectives

  • Identify and assess CyberSecurity control points and software building blocks in a multi-tiered web application
  • Understand the risks and causes associated with different types of CyberAttacks on web applications
  • Evaluate different methods of CyberSecurity testing and auditing of web applications throughout the System Development Life Cycle (SDLC) and after they go into production
  • Gain familiarity with industry best practices for secure web application design and operation

Course Outline

Web Application Architectures and Building Blocks

  • Client/server architectures and middleware concepts
  • Web application building blocks and CyberSecurity control points: old and new
  • CyberSecurity risks affecting web-enabled applications
  • HTTP protocol and state management fundamentals
  • Web application markup languages: HTML, XML, and more
  • SSL/TLS session encryption
  • Single sign-on (SSO) and federated authentication for web applications
  • Cloud Computing Services risks and safeguards
  • Web services and Service Oriented Architectures (SOA): facts and fiction
  • Microservices: Life after SOA

Building CyberSecurity in the Web Application Software Development Life Cycle

  • Server-side Web page programming security risks and countermeasures
  • Client-side and Rich Internet Application (RIA) software security risks and safeguards
  • Common web application attack vectors: cross-site scripting, SQL injection, buffer overflow, cross-site request forgery
  • OWASP, PCI DSS and other industry CyberSecurity standards and best practices for secure web application design, configuration, and operation
  • Importance of strong input validation and aggressive application CyberSecurity testing
  • Web application CyberSecurity vulnerability tracking resources and testing tools
  • Change control and CyberSecurity risks associated with remote Web application development and real-time site content changes
  • Dealing with Agile development, DevOps, and DevSecOps
  • Important CyberSecurity add-ons: web application firewalls, SSL proxies, log management, and intrusion prevention systems
  • Tools and techniques for CyberSecurity assurance in application design
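As an added illustration of two of the attack vectors and the countermeasure named in this outline (SQL injection, cross-site scripting, and strong input validation), the following Python snippet shows a vulnerable login query and a vulnerable page-rendering routine beside their hardened versions, run against a small in-memory SQLite database. This is example code written for this page, not CPE Interactive course material; the users table, credentials and attack payloads are constructed for the demonstration, and the helper names (login_vulnerable, login_hardened, render_vulnerable, render_hardened, valid_username) are assumptions.

```python
"""Vulnerable vs. hardened handling of untrusted web input (added example).

Constructed demo: a two-row users table, one login routine that concatenates
input into SQL, one that uses a parameterized query, and two HTML renderers.
Plaintext passwords are used only to keep the injection visible; a real
application stores salted password hashes.
"""
import html
import re
import sqlite3


def make_db():
    """Create a constructed in-memory users table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: attacker-controlled strings are spliced into the SQL text,
    so quotes and comment markers in the input change the query's meaning."""
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def login_hardened(conn, username, password):
    """Hardened: a parameterized query. The SQL text is fixed and the values
    travel as bound parameters, so they can never be parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def render_vulnerable(display_name):
    """Vulnerable: raw input is placed into an HTML page (reflected XSS)."""
    return f"<p>Welcome, {display_name}</p>"


def render_hardened(display_name):
    """Hardened: HTML-escape on output so markup in the input is shown as text."""
    return f"<p>Welcome, {html.escape(display_name, quote=True)}</p>"


# Allow-list validation: defense in depth alongside parameterization and output
# encoding, never a replacement for them. Pattern is an assumption for the demo.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def valid_username(username):
    """Return True only if the username matches the allow-list pattern."""
    return USERNAME_RE.fullmatch(username) is not None


def demo():
    """Run the attacks against both implementations and return the results."""
    conn = make_db()
    bypass_user = "alice' --"        # comments out the password check (constructed payload)
    bypass_pass = "' OR '1'='1"      # makes the WHERE clause always true (constructed payload)
    xss = "<script>alert(1)</script>"  # constructed payload
    return {
        "vuln_comment_bypass": login_vulnerable(conn, bypass_user, "wrong"),
        "vuln_tautology": login_vulnerable(conn, "nobody", bypass_pass),
        "safe_comment_bypass": login_hardened(conn, bypass_user, "wrong"),
        "safe_tautology": login_hardened(conn, "nobody", bypass_pass),
        "safe_real_login": login_hardened(conn, "alice", "s3cret"),
        "xss_vuln": render_vulnerable(xss),
        "xss_safe": render_hardened(xss),
        "validation": (valid_username("alice"), valid_username(bypass_user)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The two injection payloads log in as the admin user and dump every account through the concatenated query, return nothing through the parameterized one, and the allow-list rejects them before they ever reach the database; the escaped renderer turns the script tag into inert text.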

Additional Information

Who Should Attend

  • IT Auditors
  • Information Security Managers, Analysts, and Architects
  • IT Management
  • IT Architects
  • Web Site System Administrators
  • Application Developers and Analysts
  • Consultants

Learning Level

Intermediate

Delivery

Group-Live

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

Auditing IT Application Systems (AA02) or equivalent training. A basic understanding of IT audit controls and terminology is assumed.

Session Duration

Online: N/A

On Site: Lecture: 2 or 3 days; Hands-On: 5 days

CPE Credits: Lecture: 16 or 24; Hands-on: 40