Course Summary

The Web Security In-Depth training material guides students toward Web Security Certification. This interactive course explores security threats and solutions in the web environment. More specifically, students will learn how to minimize risks from network attacks, harden web servers and leverage its features and the operating system to increase security, encrypt web traffic with Secure Sockets Layer (SSL) and issue and manage certificates for browser and server authentication.
The following topics will be addressed in-depth:

• The web client/server architecture
• Web client security
• Operating system and network security
• Web server security
• Using certificates to secure a web server
• Protection of data through firewalls
• Web server security management

This course is ideal for IT professionals who manage web servers on a daily basis or for web developers who wish to learn how to secure websites and web servers.

Table of Contents

1) Introduction to Web Security

1.1 The web client/server architecture
1.2 What does the web server do?
1.3 Transferring hypertext documents with HTTP
1.4 Dynamic content technologies
1.5 Basic information security issues

2) Securing the Web Client

2.1 Threats and vulnerabilities
2.2 Protecting your web browser

3) Configuring Operation System and Network Security

3.1 Operating system security features
3.2 Network security

4) Enhancing Web Server Security

4.1 Controlling access
4.2 Extended site functionality
4.3 Securing web communications with SSL

5) Issuing and Managing Certificates

5.1 Why certificates are used
5.2 Certificate Authorities (CAs)
5.3 Trusting CAs in servers and browsers

6) Protecting Data with Firewalls

6.1 Components of a firewall
6.2 Firewall limitations
6.3 Using application proxies
6.4 Selecting firewall topology

7) Security Management

7.1 Responding to security violations
7.2 Keeping up-to-date on new threats

SEAL - Web Security Brochure (download)