Learn More about the Building Secure Ajax and Web 2.0 Applications Class
Ajax and Web 2.0
This two-day class will cover common Web 2.0 and AJAX security threats and vulnerabilities, and it will provide specific guidance on how to develop Web 2.0 applications to defend against them. Training developers on secure coding practices offers one of the highest returns on investment of any security investment by eliminating vulnerabilities at the source. Aspect’s Building Secure Ajax and Web 2.0 Applications Course is designed to enable developers to securely utilize Web 2.0 technologies in their web applications without introducing security issues. The course provides detailed examples of ‘what to do’ and ‘what not to do.’ The class is led by an experienced developer and is delivered in a very interactive manner. This course is intended to build on one of Aspect’s foundational secure coding courses. The course will use demonstrations, code examples, and spot-the-bug exercises to get developers engaged in the topic. Developers will leave with an understanding of how Ajax attacks work, the impacts of successful attacks, and what to do to defend against them.
The intended audience for this course is application developers.
At the highest level, the objective for this course is to ensure that developers are capable of designing, building, and testing secure Web 2.0/Ajax-enabled applications and understand why this is important.
Topic and Learning Objective
Principles - Students should be able to apply the principles while Ajax-enabling applications to prevent vulnerabilities from being introduced
Architecture - Students should be able to identify the key security concerns in designing a Web 2.0 / Ajax application architecture and evaluate solutions
Authentication - Students should know the key issues in building a Web 2.0 / Ajax application that authenticates users and manages their sessions without compromising their credentials
Access Control - Students should know the key issues in building a Web 2.0 / Ajax application that prevents unauthorized access to services, business logic, and data
Validation - Students should know the key issues in building a Web 2.0 / Ajax application that prevents injection and other attacks relying on malformed input
Data Protection - Students should know the key issues in building a Web 2.0 / Ajax application that properly protects data stored in the browser