Duration: 3 days
Time: 9am to 5pm
What Will Be Taught For This Secure Web Development Expert Course?
In today’s context, the assets of a company that operates a website such as Lazada, Amazon and Carousell etc. is not the number of servers or offices but the information or data that are kept in the database such as credit card and identity information. If you have assets of importance or anything about your site puts you in the public spotlight then your web security will be tested.
Technically, the very same programming that increases the value of a web site, namely interaction with visitors, also allows scripts or SQL commands to be executed on your web and database servers in response to visitor requests. Any web-based form or script installed at your site may have weaknesses or outright bugs and every such issue presents a web security risk.
This course will equip and teach you how websites are being attack through applications and will also give you the knowledge and skills to implement and write secure code that will safe guard your websites.
Learning Outcome
In this course, you will be able to identify the vulnerabilities in your code and how these vulnerabilities are being exploited by the attackers on your website and learn how to defend against such attacks.
You will be able to:
- Identify security threats and vulnerabilities.
- Understand and explain how these security threats and vulnerabilities works
- Learn how to implement defense mechanisms to such security threats and vulnerabilities
Module 1: Introduction to Web Application Security
- Web Application Security Misconception
- What Is Web Application Security?
- Why Web Application Security Is Important?
Module 2: Defending Against SQL Injection Attack
- Categorize and explain various types of SQL injection attacks
- Describe coding and design strategies for avoiding SQL injection attacks
- Apply coding standards to eliminate SQL injection vulnerabilities
Module 3: Defending Against Cross Site Scripting Attack
- Understand What is Cross-Site Scripting
- Describe the impact of Cross-Site Scripting attacks
- Understand Cross-Site Scripting Client-Side Code
- Explain the differences between various types of Cross-Site Scripting
- Defending against Cross-Site Scripting
Module 4: Defending Against Broken Authentication and Session Management
- Understand What is Broken Authentication and Session Management
- Describe the impact of Broken Authentication and Session Management
- Understand How Broken Authentication and Session Management Works
- Defending against Broken Authentication and Session Management
Module 5: Defending Against Cross Site Request
- Understand What is Cross Site Request Forgery
- Describe the impact of Cross Site Request Forgery
- Understand How Cross Site Request Forgery Attack Is Carried Out
- Defending against Cross Site Request Forgery Attack
Module 6: Defending Against Unvalidated Redirects and Forwards Attack
- Understand What is Unvalidated Redirects and Forwards
- Describe the impact of Unvalidated Redirects and Forwards
- Understand How Unvalidated Redirects and Forwards Works
- Defending against Unvalidated Redirects and Forwards
Module 7: Defending Against Missing Function Level Access Control
- Understand What is Missing Function Level Access Control Attack
- Describe the impact of Missing Function Level Access Control
- Understand How Missing Function Level Access Control Works
- Defending against Missing Function Level Access Control Attack
Module 8: Defending Against Sensitive Data Exposure
- Understand What is Sensitive Data Exposure
- Describe the impact of Sensitive Data Exposure
- Defending against Sensitive Data Exposure
Module 9 – Defending Against Insecure Deserialization Attack
- Understand What is Insecure Deserialization
- Describe the impact of Insecure Deserialization
- Understand How Insecure Deserialization Works
- Defending against Insecure Deserialization
Module 10: Defending Against Using Components with Known Vulnerabilities
- Understand What is Using Components with Known Vulnerabilities
- Describe the impact of Using Components with Known Vulnerabilities
- Defending against Unknown Vulnerable Components
Module 11: Defending Against Insecure Direct Object
- Understand What is Insecure Direct Object Reference
- Describe the impact Insecure Direct Object Reference
- Understand How Insecure Direct Object Reference Works
- Defending against Insecure Direct Object Reference
Module 12: Defending Against XML External Entities(XXE) Attack
- Understand What is XML External Entities (XXE)
- Describe the impact of XML External Entities (XXE) Attack
- Understand How XML External Entities (XXE) Attack Works
- Defending against XML External Entities (XXE) Attack
Module 13: Defending Against Security Misconfiguration
- Understand What is Security Misconfiguration?
- Describe the impact of Security Misconfiguration
- Defending against Security Misconfiguration
Module 14: Defending Against Insufficient Logging and Monitoring
- Understand What is Insufficient Logging and Monitoring Malpractices
- Describe the impact of Insufficient Logging and Monitoring Malpractices
- Explain the differences between logging and monitoring
- Defending against Insufficient Logging and Monitoring Malpractices
Assessment Format & Duration (only applicable for learner taking SF grant)
| Assessment | Format | Duration |
| Written Assessment | Summative | 1.5 Hours |
| Practical Performance | Formative | 3.25 Hours |
| Total | 4.75 Hours | |
Who Should Attend This Secure Web Development Expert Training?
This course is targeted toward the web developers, Project Managers, or anyone with working experience developing web applications using languages such as PHP, .NET, Ruby, Java or Python.
| w/o GST | w GST | |
| Course Fee | $1,900 | $2,033 |
| Singapore Citizen & PR aged ≥ 21 years | $1,532.50 | $1,665.50 |
| Singapore Citizen aged ≥ 40 years (SkillsFuture Mid-Career Enhancement Funding) |
$675 | $808 |
| Singapore Citizen aged ≥ 35 years with earning ≤ $2,000/month (WTS Scheme) |
$601.50 | $734.50 |
| w/o GST | w GST | |
| Course Fee | $1,900 | $2,033 |
| Singapore Citizen & PR aged ≥ 21 years | $1,532.50 | $1,665.50 |
| Singapore Citizen aged ≥ 40 years (SkillsFuture Mid-Career Enhancement Funding) |
$675 | $808 |
| Singapore Citizen aged ≥ 35 years with earning ≤ $2,000/month (WTS Scheme) |
$601.50 | $734.50 |
| w/o GST | w GST | |
| Course Fee | $1,900 | $2,033 |
| Singapore Citizen & PR aged ≥ 21 years | $675 | $808 |
| Singapore Citizen aged ≥ 40 years (SkillsFuture Mid-Career Enhancement Funding) |
$675 | $808 |
| Singapore Citizen aged ≥ 35 years with earning ≤ $2,000/month (WTS Scheme) |
$601.50 | $734.50 |
Remarks:
Individual Sponsored
- Eligible Singapore Citizens can use their SkillsFuture Credit to offset course fee payable after funding.
Company Sponsored
- Absentee Payroll claimable by SMEs: Up to 80%of hourly basic salary capped at $7.50/hr
- Absentee Payroll claimable by Non-SMEs: Up to 80% of hourly basic salary capped at $4.50/hr
- Absentee payroll claimable by companies (SMEs and Non-SMEs) sponsoring candidates under WTS Scheme: Up to 95% of hourly basic salary (no dollar cap)
Terms & Conditions
- All prices stated above are in Singapore Dollars (SGD). This funding support is only applicable for Singapore Citizen and Permanent Residents.
- Trainee must attained minimum 75% attendance and pass all assessment within 3 months to qualify for SF Funding.
- Trainee undertakes to reimburse ST Electronics (e-Services) FULL course fees should he/she be ineligible for course fee grant. ST Electronics (e-Services) is not liable for any other funding not approved by WSG.
- Trainees must be competent for all assessments before they are eligible for SF funding.
- ST Electronics (e-Services) reserves the right to change the date or venue without prior notice.
- ST Electronics (e-Services) reserves the right to cancel or reschedule the course due to class size or unforeseen circumstances.
Please click on the course date to enrol.
