Intrusion Defense School

Web application attacks: Building hardened apps

Learn about the myriad of Web application attacks happening today, including detailed explanations of SQL injection attacks, clickjacking, cross-site scripting, cross-site request forgery and other Web-based attacks that lead right to sensitive information stored in a back-end database. Understand how to assess production Web apps for dangerous flaws and how to architect a software development process that can help counter these threats in both QA and production.

About the expert:
Cory Scott is a director with security consultancy Matasano Security.

In this part:

Video: Web application attacks: Types and countermeasures

Not all Web application attacks are created equally; different layers of a Web app require different means of attack. In this video presentation, our expert will explain different attacks in the wild and how they target different layers of a Web application, from the browser to application functionality, data repositories and the Web server environment. Matasano Security's Cory Scott covers Web application attack types and how they target different layers of an application.

Tip: How to review your Web application security assessment tools, strategy

Expert Cory Scott offers pointers for using Web application security assessment tools and developing an application security assessment strategy.

Podcast: Top 5 must-haves for your SDL security strategy

Securing Web applications is no longer possible if it's only an after-the-fact exercise. Software security best practices must be integrated into the application development life cycle so that attackers never have a chance to exploit common application flaws. In this recording, our expert will cover the essential framework for including security in a software development life cycle. You’ll learn five things your SDL must include and how to evangelize and implement security to application developers.