Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Operating an Internet web site is a necessity in today’s eBusiness environment; however, there are many important CyberSecurity risks that come with web applications. Increasingly demanding regulatory requirements, litigation, and intensified lethal attacks on Web-based applications, along with traditional information asset protection, have significantly raised the stakes on the importance of secure application design, testing, certification/accreditation, and audit. Additionally, CyberSpace (IT) applications have become more complex and are frequently rushed to market by poorly trained developers, both at commercial CyberSpace (IT) product vendors and in-house, increasing the business risks and the challenges of applying and verifying reliable CyberSecurity safeguards.

In this information-packed workshop, we will cover key building blocks and significant risks, and systematically sort through the available CyberSecurity safeguards in today’s complex Web-enabled, multi-tiered applications.

NOTE: Several demonstrations in the course will optionally afford the opportunity for students to try the associated procedures on the Internet with their own computers. Students are invited to bring their own computers to replicate some of the procedures and/or research useful resource sites on the Internet.

Learning Objectives

  • Identify and assess CyberSecurity control points and software building blocks in a multi-tiered web application
  • Understand the risks and causes associated with different types of CyberAttacks on web applications
  • Evaluate different methods of CyberSecurity testing and CyberAuditing of web applications throughout the System Development Life Cycle (SDLC) and after they go into production
  • Gain familiarity with industry best practices for secure web application design and operation

Course Outline

Web Application Audit Planning

  • CyberSecurity risks to business applications
  • Planning CyberSecurity audits for web applications

Defining the “Monolith” Web Application Environment

  • Distributed computing models
  • Web applications and control points
  • Web applications and associated security architecture
  • Client/Server—Middleware
  • Virtualization
  • Cloud computing
  • Single sign-on for web applications

Defining the “Modern” Web Environment

  • Service Oriented Architecture (SOA)
  • Microservices
  • Application programming interfaces (APIs)
  • Container virtualization
  • Serverless computing
  • Documenting and analyzing distributed web applications

Securing and Auditing Web (HTTP) Servers

  • Hypertext transfer protocol (HTTP) and state management
  • Web server host enumeration
  • Auditing web (HTTP) server security configuration/policies – Apache, Microsoft IIS, nginx
  • Auditing web server session encryption (SSL/TLS)

Secure Design and Testing of Web Applications

  • Web application software development environments—waterfall, Agile, DevOps, DevSecOps
  • CyberSecurity in software design and testing
  • Content Management Systems (CMS)
  • Common web application risks, attacks, and countermeasures
  • Vulnerability and penetration testing of web applications

Summary Wrap-up

  • Summary audit points
  • Sources of information, checklists, and tools

Additional Information

Who Should Attend

  • IT Auditors
  • Information Security Managers, Analysts, and Architects
  • IT Architects
  • Web Site System Administrators
  • Application Developers and Analysts
  • Consultants

Learning Level

Intermediate

Delivery

Group Live or Group Internet-Based

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

Auditing IT Application Systems (AA02) or equivalent training. A basic understanding of IT audit controls and terminology is assumed.

Session Duration

On Site: 2 days

CPE Credits: 16

Questions? Contact us

Phone: +1 (781) 784-4390
Fax: +1 (781) 705-2327