רקע לקורס:

Although application security is a relative old subject, most of the focus till few years ago was on securing the network infrastructure (e.g. firewalls, VPNs etc.), and the servers Operating Systems (e.g. patch management systems). In the last years focus has been shifted from the network and the infrastructure to the application layer. This is due to the fact that the infrastructure (i.e. network and OS) security has improved significantly while applications have remained vulnerable, and the application layer has become the main target of attacks. (Most of the cyber attacks today are exploiting application layer vulnerabilities.)

In the course we will learn the different aspects of application security including authentication, authorization, auditing and logging, as well as the existing technologies, standards, and best practices addressing these security requirements. In addition, we will learn how to build secure applications and prevent application layer vulnerabilities. We will analyze application layer vulnerabilities, explain how they are used by hackers to attack the application and/or the system, and discuss the secure coding best practices, and security testing tools used to present these vulnerabilities. 

הנושאים שילמדו בקורס:

• The risk caused by un secure application
  • Application vulnerabilities and associated threats/risks
  • Security infrastructure and how it helps to protect the application
• Information and application security concepts and terminology
  • Positive Security Logic
  • Negative Security Logic
• Usage of encryption technologies for Confidentiality and Data integrity
  • Introduction to Symmetric Encryption
  • Introduction to Asymmetric Encryption
  • XML-Encryption
  • Hash functions and digital signatures
  • XML-Digital signatures
  • Java Crypto Library architecture and usage (optional)
• Authentication
  • User authentication technologies
    • Challenge-Response
    • Password management
    • OTP tokens