COD 255: Creating Secure Code - Web API Applications
This course introduces the fundamentals of secure web services development. It describes common web services threats that might put your application at risk and reviews best practices that you should incorporate to mitigate the risks from web services attacks. After completing this course, you will be able to describe various web services threats, explain the cause and impact of web services attacks, and implement secure development best practices to help protect web services.
Upon completing this course, participants will be able to:
- Identify methods used by attackers to discover web services
- Identify common web services attacks affecting XML, Xpath, and SOAP
- Identify how an attacker might use cross-site scripting attacks and injection attacks to exploit application vulnerabilities
- Identify strategies for data encryption
- Filter input to ensure safe handling of data
- Securely handle exceptions and properly create audit logs
- Understand different authentication methods and the strengths and weaknesses of each and which are best suited for your application
This course can be customized for Instructor-Led training. Course contents and duration may vary. Contact us for details.