生产力学院 - Securing Your E-Commerce Web Application Against Cyber Threats
Securing Your E-Commerce Web Application Against Cyber Threats
10010840
香港九龙达之路78号
2021-06-29
廖小姐,电话:+852 2788 5704

只提供英語版本

Website is indispensable for running business nowadays. Some businesses use website to present product and service information while others  go  further  to  incorporate   e-commerce capability into the website. With the impact of COVID-19, more companies pay more effort in the development of e-commerce.

Business websites might hold valuable data and become attractive targets of hackers. Many data leakage and system compromise cases are the result of insecure web applications.

This course will take you through the journey of recent development of web applications, common web application security issues and how to secure them. A hands-on lab provides practical experience to participants on checking and verifying security (or penetration testing) of a fully functioned e-commerce website.

Course Objectives

By going through this programme, participants should be able to:

    • Understand the recent web technology and web application security landscape
    • Understand the OWASP Top 10 web security issues
    • Understand and apply the web application security concepts, techniques and tools learnt to fix OWASP Top 10 issues in different platforms
    • Apply the skills learnt from Juice Shop hands-on exercise and tools in assessing the security of (or penetration testing) a fully functioned e-commerce website

Date and Time

29 – 30 June 2021, 09:30 – 17:00

Venue 

1/F, HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong

Medium

Cantonese with English terminology

Course Outline

Introduction to the latest Web Security Landscape

    • Basics of web technology
    • Well known web compromised security incidents
    • Application Security Concepts
      • Least Privileges
      • Secure By Default
      • Defense In Depth
      • Trust No Input
      • Open Design
      • Fail Securely
      • Reuse of Existing Security Controls In A Framework Or
      • Language
      • Robust Error Checking
      • Logging
      • Data Protection
    • Common web application issues (on different platforms and applications)
      • Insufficient HTTP Headers
      • CSP, SOP, CORS
      • Issues with Client-Side Security Measures
      • In-depth into Cookies and Sessions
      • Local Storage
      • Insufficient Data Escaping
    • OWASP Top 10 for Web Application

      • What are OWASP Top 10?
      • How to harden website to prevent OWASP Top 10 issues
  •  

    Tools for Website Security Testing and Verification

      • Useful Chrome browser plugins for developers
      • OWASP ZAP, etc.


    OWASP Juice Shop Workshop

      • Hands on exercise to identify security vulnerabilities and fix them
  •     

Fee

Early Bird Price (deadline on 28 May 2021):

– Staff of Organiser or Member of Supporting Organisation: HK$6,000 per person
– Non-member : HK$6,200 per person

Regular Price:

– Staff of Organiser or Member of Supporting Organisation: HK$6,200 per person
– Non-member : HK$6,400 per person

Member of HKRMA:

– HK$6,000 per person

 

RTTP Approved Course

This course is an approved Reindustrialisation and Technology Training Programme (RTTP), which offers up to 2/3 course fee reimbursement upon successful applications. For details: https://rttp.vtc.edu.hk.

Trainer

Mr Bernard KAN

Bernard KAN has over 20 years of experience in information security as a security team leader in Banking and Telecommunication industries and HKCERT.He has been delivering quality information security training to enterprises, talks in in security conference and sharing sessions to NGOs. He was a frequent speaker for security awareness training.He had been a part-time lecturer a post-graduate Information Security certificate course of City University of Hong Kong for 6 years. 

Bernard holds various professional certifications, including CISSP, GCIA, GCIH, CWSP, CCNP, MCSE and CEC. He is a Master of Science degree in E-Commerce.

Target Audience

      • Website owners interested in web application security
      • Web application developers
      • Information security staff interested in enhancing hands-on experience on web application testing

Certificate of Training

Participants who have attained 75% or more attendance of lecture will be awarded an Attendance Certificate.

 

Download Full Course Detail ▼