即使是经验丰富的程式师也无法完全掌握其开发平台提供的各种安全服务,同样也不知道与他们开发相关的不同漏洞。本课程面向同时使用 Java 和 PHP 的开发人员,为他们提供必要的基本技能,使他们的应用程式能够抵御通过 Internet 的现代攻击。
通过处理访问控制、身份验证和授权、安全通信和各种加密功能,逐步完成 Java 安全架构的级别。还介绍了各种可用于保护 PHP 中代码的 API,例如用于加密的 OpenSSL 或用于输入验证的 HTML Purifier。在伺服器端,给出了强化和配置操作系统、Web 容器、文件系统、SQL 伺服器和 PHP 本身的最佳实践,同时通过 JavaScript、Ajax 和 HTML5 的安全问题特别关注用户端安全性。
一般的 Web 漏洞通过与 OWASP Top 10 相关的示例进行讨论,展示了各种注入攻击、脚本注入、针对会话处理的攻击、不安全的直接物件引用、档上传问题等等。介绍了各种特定于 Java 和 PHP 的语言问题以及由运行时环境引起的问题,这些漏洞被归类为标准漏洞类型,包括缺少或不正确的输入验证、不正确的安全功能使用、不正确的错误和异常处理、与时间和状态相关的问题、代码质量问题和与移动代码相关的漏洞。
参与者可以亲自尝试所讨论的 API、工具和配置效果,而漏洞的引入都由许多动手练习提供支援,这些练习演示了成功攻击的后果,展示了如何纠正错误和应用缓解技术,并介绍了各种扩展和工具的使用。
参加本课程的学员将
- 了解安全、IT 安全和安全编码的基本概念
- 了解 OWASP Top 10 之后的 Web 漏洞,并知道如何避免它们
- 了解用户端漏洞和安全编码实践
- 学习使用 Java 开发环境的各种安全功能
- 对密码学有实际的了解
- 学习使用 PHP 的各种安全功能
- 了解 Web 服务的安全概念
- 获取有关使用安全测试工具的实用知识
- 了解典型的编码错误以及如何避免这些错误
- 了解 Java 和 PHP 框架和库中的最新漏洞
- 获取有关安全编码实践的原始程式码和进一步阅读材料
观众
开发人员
- IT 安全和安全编码
- Web 应用程式安全
- Web 应用程式漏洞
- 用户端安全性
- Java 安全的基础
- 实用密码学
- Java 安全服务
- PHP 安全服务
- PHP 环境
- Web 服务的安全性
- 常见的编码错误和漏洞
- 知识来源
United Arab Emirates - Combined JAVA, PHP and Web Application Security
Qatar - Combined JAVA, PHP and Web Application Security
Egypt - Combined JAVA, PHP and Web Application Security
Saudi Arabia - Combined JAVA, PHP and Web Application Security
South Africa - Combined JAVA, PHP and Web Application Security
Brasil - Combined JAVA, PHP and Web Application Security
Canada - Combined JAVA, PHP and Web Application Security
中国 - Combined JAVA, PHP and Web Application Security
香港 - Combined JAVA, PHP and Web Application Security
澳門 - Combined JAVA, PHP and Web Application Security
台灣 - Combined JAVA, PHP and Web Application Security
USA - Combined JAVA, PHP and Web Application Security
Österreich - Combined JAVA, PHP and Web Application Security
Schweiz - Combined JAVA, PHP and Web Application Security
Deutschland - Combined JAVA, PHP and Web Application Security
Czech Republic - Combined JAVA, PHP and Web Application Security
Denmark - Combined JAVA, PHP and Web Application Security
Estonia - Combined JAVA, PHP and Web Application Security
Finland - Combined JAVA, PHP and Web Application Security
Greece - Combined JAVA, PHP and Web Application Security
Magyarország - Combined JAVA, PHP and Web Application Security
Ireland - Combined JAVA, PHP and Web Application Security
Luxembourg - Combined JAVA, PHP and Web Application Security
Latvia - Combined JAVA, PHP and Web Application Security
España - Combinado JAVA, PHP y Seguridad de Aplicaciones Web
Italia - Combined JAVA, PHP and Web Application Security
Lithuania - Combined JAVA, PHP and Web Application Security
Nederland - Combined JAVA, PHP and Web Application Security
Norway - Combined JAVA, PHP and Web Application Security
Portugal - Combined JAVA, PHP and Web Application Security
România - Combined JAVA, PHP and Web Application Security
Sverige - Combined JAVA, PHP and Web Application Security
Türkiye - Combined JAVA, PHP and Web Application Security
Malta - Combined JAVA, PHP and Web Application Security
Belgique - Combined JAVA, PHP and Web Application Security
France - Combined JAVA, PHP and Web Application Security
日本 - Combined JAVA, PHP and Web Application Security
Australia - Combined JAVA, PHP and Web Application Security
Malaysia - Combined JAVA, PHP and Web Application Security
New Zealand - Combined JAVA, PHP and Web Application Security
Philippines - Combined JAVA, PHP and Web Application Security
Singapore - Combined JAVA, PHP and Web Application Security
Thailand - Combined JAVA, PHP and Web Application Security
Vietnam - Combined JAVA, PHP and Web Application Security
India - Combined JAVA, PHP and Web Application Security
Argentina - Combinado JAVA, PHP y Seguridad de Aplicaciones Web
Chile - Combinado JAVA, PHP y Seguridad de Aplicaciones Web
Costa Rica - Combinado JAVA, PHP y Seguridad de Aplicaciones Web
Ecuador - Combinado JAVA, PHP y Seguridad de Aplicaciones Web
Guatemala - Combinado JAVA, PHP y Seguridad de Aplicaciones Web
Colombia - Combinado JAVA, PHP y Seguridad de Aplicaciones Web
México - Combinado JAVA, PHP y Seguridad de Aplicaciones Web
Panama - Combinado JAVA, PHP y Seguridad de Aplicaciones Web
Peru - Combinado JAVA, PHP y Seguridad de Aplicaciones Web
Uruguay - Combinado JAVA, PHP y Seguridad de Aplicaciones Web
Venezuela - Combinado JAVA, PHP y Seguridad de Aplicaciones Web
Polska - Combined JAVA, PHP and Web Application Security
United Kingdom - Combined JAVA, PHP and Web Application Security
South Korea - Combined JAVA, PHP and Web Application Security
Pakistan - Combined JAVA, PHP and Web Application Security
Sri Lanka - Combined JAVA, PHP and Web Application Security
Bulgaria - Combined JAVA, PHP and Web Application Security
Bolivia - Combinado JAVA, PHP y Seguridad de Aplicaciones Web
Indonesia - Combined JAVA, PHP and Web Application Security
Kazakhstan - Combined JAVA, PHP and Web Application Security
Moldova - Combined JAVA, PHP and Web Application Security
Morocco - Combined JAVA, PHP and Web Application Security
Tunisia - Combined JAVA, PHP and Web Application Security
Kuwait - Combined JAVA, PHP and Web Application Security
Oman - Combined JAVA, PHP and Web Application Security
Slovakia - Combined JAVA, PHP and Web Application Security
Kenya - Combined JAVA, PHP and Web Application Security
Nigeria - Combined JAVA, PHP and Web Application Security
Botswana - Combined JAVA, PHP and Web Application Security
Slovenia - Combined JAVA, PHP and Web Application Security
Croatia - Combined JAVA, PHP and Web Application Security
Serbia - Combined JAVA, PHP and Web Application Security
Bhutan - Combined JAVA, PHP and Web Application Security
Nepal - Combined JAVA, PHP and Web Application Security
Uzbekistan - Combined JAVA, PHP and Web Application Security