A web application is a program that runs on a web server and is accessed using a web browser.  Almost every website includes web applications such as online forms, search engines, shopping carts, spreadsheets, file sharing, and email services.  Since web applications are ubiquitous on the Internet, they are attractive targets for malicious actors.  On completion of this course, students will receive a printable certificate of completion, as well as a badge that can be exported to Badgr for use on LinkedIn and other sites.

In this course students will learn about web technologies and how they are used to build web applications.  They will learn about the kinds of security vulnerabilities commonly found in web applications, tools they can use to find these vulnerabilities, and what they can do to protect their applications.  The course includes video presentations, hands-on labs, and quizzes.

The course is taught by Prof. Aspen Olmsted, online Program Director of Computer Science at Simmons University.  He is the founding Program Director for the New York University (NYU) Cyber Fellows MS in Cybersecurity program.  Prof. Olmsted has developed over twenty edX courses for computer science undergraduates, and several Coursera courses for Linux certification, Visual Basic, and Python programming.  Prof. Olmsted managed the National Security Administration (NSA) sponsored Center For Academic Excellence (CAE) programs in Cyber Defense, Cyber Operations, and Cyber Research.  He continues to consult with the NSA to evaluate universities building new cybersecurity programs.

Who Should Attend

Anybody wanting to learn about web technologies and the security of web applications.  This includes security architects, penetration testers, and web software developers.

What You Will Learn

  • Fundamentals of web technologies including web servers, HTTP, HTML, and databases
  • Web application vulnerabilities
  • Website reconnaissance and open source intelligence (OSINT)
  • Monitoring web browser-server communication and middle-box proxies
  • Scanning web servers and internet-enabled appliances for vulnerabilities
  • Relational databases and SQL Injection attacks

Expected Duration

16 hours, self-paced. Pause and continue at any time.
16 CPEs awarded on successful completion.
