Web Application Security

To support the preparation of participants in the Web Applications Attack and Defence Course, the Centre provides an online web-based course on web application security. This course is open to all individuals from Sponsoring Nations and Contributing Participants, as well as NATO bodies. The course can be accessed through the NATO e-Learning Joint Advanced Distributed Learning Portal.

Learning Objectives

  • List the ways of physically connecting a sensor to a monitored network
  • Install and configure a web server in a secure way
  • Secure HTTPS and SSL/TLS by configuring cipher suites and cookies and using HTTP Strict Transport Security (HSTS) and Content Security Policy (CSP)
  • Manage the logs, backups and remote logins of a web application
  • Describe the purpose and the strengths and weaknesses of a web application firewall (WAF)
  • Test web server security by using vulnerability scanning and pentesting
  • Describe other elements of web application security that should be taken care of (operating system security, network security and database hardening)

Target Audience

The target audience of this module is the same as that of the Web Applications Attack and Defence Course.

Outline

  • Practical guidelines about web application security and web server security
  • A system administrator who follows these guidelines helps to make a website more secure

Prerequisites

The requirements of the Web Applications Attack and Defence Course apply.

Registration

The course can be accessed through the NATO e-Learning Joint Advanced Distributed Learning portal and is available to all users of the portal. Once registered, users may access the course by navigating to the ‘Centres of Excellence’ -> ‘COE Cyber Defence’ -> ‘Web Application Security’ course listing.