Exploiting and Protecting Web Applications

Stanford Center for Professional Development

How long?

  • online
  • on demand


Disclaimer

Coursalytics is an independent platform to find, compare, and book executive courses. Coursalytics is not endorsed by, sponsored by, or otherwise affiliated with any business school or university.

Full disclaimer.

About the course

Web applications are vulnerable to many types of attacks to which traditional client-server applications are not as susceptible. These vulnerabilities, over the past several years, have resulted in attacks that have exposed companies to monetary losses and reputational damage.

This course covers these vulnerabilities, how attacks are constructed based on them, and techniques that can be used to mitigate such vulnerabilities.

Example web vulnerabilities covered in this course include client-state manipulation, cookie-based attacks, SQL injection, cross domain attacks (XSS, XSRF, XSSI), DNS rebinding, timing attacks, user tracking, and HTTP header injection. In addition, this course covers security issues that can arise in Web 2.0 and HTML5 applications that take advantage of heavy use of JavaScript, AJAX, mash-ups, and HTML5 extensions.

You Will Learn

  • Overview of Web Technologies (HTTP, cookies, JavaScript, caching, session management)
  • Browser Security Model (document object model, same-origin policy and violations of it), and SSL
  • Coverage of HTML5 vulnerabilities due to frame communication, localStorage, cross-origin resource sharing, and other HTML5 features
  • SQL Injection (and other forms of command injection including LDAP and XPath Injection)
  • Cross-site scripting (XSS), cross-site request forgery (XSRF), and cross-site script inclusion (XSSI), Clickjacking
  • Prevention techniques including input validation, output escaping, signatures, message authentication codes, and frame busting

Final Exam

Online participants are asked to complete a final exam at the end of each course to maintain the integrity of the program. A score of 85% must be achieved to successfully pass the exam. A digital record of completion will be emailed to participants when they pass the exam.

Course Evaluation

It is required that participants complete the course evaluation once they have passed the final exam.

Experts

John Mitchell

John Mitchell is the Mary and Gordon Crary Family Professor in the School of Engineering at Stanford University. He has a faculty appointment in Computer Science, as well as courtesy appointments in Electrical Engineering and the Graduate School of Education. He has research interests in computer...

Dan Boneh

Professor Boneh heads the applied cryptography group and co-directs the computer security lab. Professor Boneh's research focuses on applications of cryptography to computer security. His work includes cryptosystems with novel properties, web security, security for mobile devices, and cryptanalys...

Neil Daswani

Neil Daswani is a co-founder of Dasient, Inc., a new stealth-mode Internet security company backed by some of the most influential investors in Silicon Valley. In the past, Neil has served in a variety of research, development, teaching, and managerial roles at Google, Stanford University, DoCoMo...

Exploiting and Protecting Web Applications at Stanford Center for Professional Development

From $495
