应对网络威胁的电子商务网络应用课程
随着疫情的影响,愈来愈多公司尝试建立企业网站以积极发展电子商务。毫无疑问,如果拥有大量有价值的客户数据,这些网站便很容易成为黑客攻击的目标。不安全的网站应用程序更会大大增加了数据泄漏和系统受损的风险。
此课程适合任何网站管理员。在课程中,学生不但能了解网站应用程序的最新发展、常见的网站保安问题,以及保护网站的策略等。同时课程亦提供实作机会,让每位学生都能学习并体验网站安全性的检测和验证(或渗透测试)操作技巧。
(课程内容介绍以英文为准)
With the impact of COVID-19, companies are paying more effort in the development of their websites to incorporate into e-commerce.
No doubt, business websites could hold valuable client data and become attractive targets of hackers. Risk of data leakages and system compromise cases result from insecure web applications.
This programme is for any website administrator to go through the journey of the recent development of web applications, common web application security issues and tactics to secure websites. A hands-on lab will be provided for participants to gain practical experience in checking and verifying security (or penetration testing) of a fully functioned e-commerce website.
Course Objectives
Participants should be able to:
- Understand the recent web technology and web application security landscape
- Understand the OWASP Top 10 web security issues
- Understand and apply the web application security concepts, techniques and tools learnt to fix OWASP Top 10 issues in different platforms
- Apply the skills learnt from Juice Shop hands-on exercise and tools in assessing the security of (or penetration testing) a fully functioned e-commerce website
Date and Time
2 -3 November 2021
09:30 – 17:00
Venue
1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong
Medium
Cantonese with English terminology
Course Outline
- Introduction to the latest Web Security Landscape
– Basics of web technology
– Well known web compromised security incidents
– Application Security Concepts
– Common web application issues (on different platforms and applications)
– OWASP Top 10 for Web Application
- Tools for Website Security Testing and Verification
– Useful Chrome browser plugins for developers
– OWASP ZAP, etc.
- OWASP Juice Shop Workshop
– Hands on exercise to identify security vulnerabilities and fix them
Fee
Early Bird Price (deadline on 2 Oct 2021):
-Staff of Organiser or Member of Supporting Organisation: HK$6,000 per person
-Non-member: HK$6,200 per person
Regular Price:
-Staff of Organiser or Member of Supporting Organisation: HK$6,200 per person
-Non-member: HK$6,400 per person
Member of HKRMA:
– HK$6,000 per person
Trainer
Mr Bernard KAN
Bernard KAN has over 20 years of experience in information security as a security team leader in Banking and Telecommunication industries and HKCERT.
He has been delivering quality information security training to enterprises, talks in in security conference and sharing sessions to NGOs. He was a frequent speaker for security awareness training.
He had been a part-time lecturer a post-graduate Information Security certificate course of City University of Hong Kong for 6 years.
Bernard holds various professional certifications, including CISSP, GCIA, GCIH, CWSP, CCNP, MCSE and CEC. He is a Master of Science degree in E-Commerce.
Target Audience
- Website owners interested in web application security
- Web application developers
- Information security staff interested in enhancing hands-on experience on web application testing
Certificate of Training
Participants who have attained 75% or more attendance of lecture will be awarded an Attendance Certificate.