Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Operating an Internet web site is a necessity in today’s eBusiness environment; however, there are many important CyberSecurity risks that come with web applications. Increasingly demanding regulatory requirements, litigations, and intensified lethal attacks on Web-based applications, along with traditional information asset protection, have significantly raised the stakes on the importance of secure application design, testing, certification/accreditation, and audit. Additionally, CyberSpace (IT) applications have become more complex and are frequently rushed to market by poorly trained commercial CyberSpace (IT) product developers and internal developers, increasing the business risks and the challenges to applying and verifying reliable CyberSecurity safeguards.

In this information-packed workshop, we will cover key building blocks and significant risks, and systematically sort through the available CyberSecurity safeguards in today’s complex Web-enabled, multi-tiered applications.

NOTE: Several demonstrations in the course will optionally afford the opportunity for students to try the associated procedures on the Internet with their own computers. Students are invited to bring their own computers to replicate some of the procedures and/or research useful resource sites on the Internet.

Learning Objectives

  • Identify and assess CyberSecurity control points and software building blocks in a multi-tiered web application
  • Understand the risks and causes associated with different types of CyberAttacks on web applications
  • Evaluate different methods of CyberSecurity testing and CyberAuditing web applications throughout the System Development Life Cycle (SDLC) and after they go into production
  • Gain familiarity with industry best practices for secure web application design and operation

Course Outline

Web Application Audit Planning

  • CyberSecurity risks to business applications
  • Planning CyberSecurity audits for web applications

Auditing the Legacy/“Monolith” Web Application Environment

  • Distributed computing models
  • Web applications and control points
  • Web applications and associated security architecture
  • Client/Server—Middleware
  • Virtualization
  • Cloud computing
  • Single sign-on for web applications

Auditing the Modern Cloud-Native Web Environment

  • Service Oriented Architecture (SOA)
  • Microservices
  • Application programming interfaces (APIs)
  • Container virtualization
  • Serverless computing
  • Documenting and analyzing distributed web applications

Securing and Auditing Your Web Storefront – HTTP Servers

  • Hypertext transfer protocol (HTTP) and state management
  • Web server host enumeration
  • Auditing web (http) server configuration/policies
  • Auditing web server session encryption (SSL/TLS)

Auditing Secure Design and Testing of Web Applications

  • CyberSecurity in software design and testing
  • Common web application risks, attacks, and countermeasures
  • CyberSecurity in software design and testing throughout the SDLC

Summary Wrap-up

  • Summary audit points
  • Sources of information, checklists, and tools

Additional Information

Who Should Attend

  • IT Auditors
  • Information Security Managers, Analysts, and Architects
  • IT Architects
  • Web Site System Administrators
  • Application Developers and Analysts
  • Consultants

Learning Level

Intermediate

Delivery

Group Live

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

Auditing IT Application Systems (AA02) or equivalent training. A basic understanding of IT audit controls and terminology is assumed.

Session Duration

On Site: 3 days

CPE Credits: 24

Questions? Contact us

Phone: +1 (781) 784-4390