Applications cyber security / Professional

ANT0301

WEB-application security

Duration of training: 5 days

start date: Monday, December 1, 2025

sign up for a course

description
course

The material of this course will allow listeners to study the principles and specific mechanisms of Web-applications protection. The course material also reveals methodological aspects of designing, implementing and ensuring the operability of Web-applications within the frame of corporate cyber security architecture.

course audience

Engineers ensuring cyber security in corporate infrastructure, as well as cyber security of corporate web-applications; Engineers designing cyber security architecture.

prerequisites

Knowledge of TCP/IP networking at the ANT-N101 course level and general cyber security knowledge at the ANT0000 course level are required.

how it works
education

online course

The online course involves group classes with an instructor via video conferencing, in addition, homework and an exam.

for corporate clients

training for corporate clients includes online and self-study courses, as well as additional services required by corporate clients: organizing training plans for client departments, assessing the effectiveness of training, etc.

teacher
course

program
course

• HTML and HTTP.
• XML.
• Web-servers.
• Web-clients.
• «Active» content.
• Architecture of Progressive Web App.
• Threats of the server part of Web-applications.
• Threats of the client part of Web-applications.
• Building a Web-application threat model.
• Protection from DoS and DDoS attacks.
• Authentication and authorization.
• SSO. OpenID and OAuth.
• Problems of obfuscation.
• Secure file upload procedures.
• Protection from injections.
• Protection from cryptanalysis attacks.
• Protection of Web-frameworks.
• Features of browsers operations.
• Content Security Policy and CORS.
• Features of processing third-party Java Scripts.
• Problems of obfuscation.
• Protection from XSS attacks.
• Protection from CSRF attacks.
• Protection from Clickjacking attacks.
• Protection mechanisms of HTML5.
• Apache.
• NGINX.
• IIS.
• jBoss.
• Wildfly.
• TOMCAT.
• WAF concept.
• Installation and configuration of WAF Modsecurity.
• Integration of WAF Modsecurity and IPS.
• Configuring filtering rules of WAF Modsecurity.
• Use of reputational analysis.
• Anomaly detection.
• Optimizing WAF Modsecurity operations.
• Monitoring cyber security events and incidents.
• Responding to cyber security events and incidents.
• Modernizing threat model and risk calculations based on new events and incidents.
• Web-applications security policies.
• Web-applications safety metrics.
• Web-applications within the frame of corporate security architecture.

Сourse purchase
options

individual

Cost — $1,550.00

Group online classes

Unlimited access to all the materials

Live webinars with teachers

Homework

Exam with certificate

Course dates:

pay for the course

corporate

Cost от $1,550.00

To obtain information about the final cost and clarify the date of the course, please fill out the form.

SUBMIT YOUR APPLICATION

* By clicking “send”, you agree to the Terms of Service And Privacy Policy