Chicago Chapter ISACA
Fall Seminar
November 9th - 10th 2009
Securing and Auditing Your Web-Enabled Applications
Designing and Ensuring End-to-End Security and Compliance in Today's E-Business
Applications
Instructor: Ken Cutler, CISSP, CISA, CISM - MIS Training Institute
Register: http://www.123signup.com/calendar?Org=isaca-chicago
Special pricing for chapter members. The Chicago Chapter Board is offering this
course to our membership at a special rate of only $250, in support of just one
of the many benefits of being a Chicago Chapter ISACA member in these difficult
economic times.
When:
8:00AM-5:00PM (15 CPE hours)
Continental Breakfast 8:00 AM, Class 8:30 AM
Where:
Gleacher Center
450 North Cityfront Plaza Drive
Chicago, IL 60611
Telephone: 312-464-8787
Email: info@gleachercenter.com
Web: www.gleachercenter.com
Focus and Features
The recent avalanche of government regulatory initiatives, litigation,
and intensified attacks on Web-based applications, along with traditional
information asset protection, has significantly raised the stakes on
the importance of secure application design, testing, certification/accreditation,
and audit. In addition, IT applications have become more complex and are frequently
rushed to market by commercial IT product vendors and internal developers, increasing
the business risks and the challenges of applying and verifying reliable
security safeguards.
In this information-packed two-day seminar you will cover key building
blocks and significant risks, and systematically sort through the available
safeguards in today's complex Web-enabled, multi-tiered applications.
We will place special emphasis on a control point definition and transactional
analysis approach to application design, security, and auditing within
the context of robust but practical enterprise architecture and governance
models. Case studies, demonstrations, and checklists will provide reinforcement
and enhanced comprehension of complex design, safeguard concepts, and
best practices.
What You Will Learn
1. Web Application Architectures
- client/server and middleware security for multi-tiered applications
- contemporary application building blocks
- web application control points
- middleware and security application program interfaces (APIs)
- hypertext transfer protocol (HTTP) and uniform resource locator (URL) essentials
- HTTP state management: cookies, hidden fields, view state, query strings
- locating control points and mapping associated sources of security services in complex, multi-tiered applications
2. Web (HTTP) Server Security and Audit
- web server configuration: operational and security features
- web server configuration best practices
- user authentication and web-based single sign-on
- access control and server lockdown procedures
- session encryption: Secure Sockets Layer (SSL)
- web server security audit logs and intrusion detection systems
- comparing and contrasting security features for prominent web servers: Apache, Microsoft IIS, Sun Java System Web Server (iPlanet/Netscape)
- perils and protections for remote Web application development: FrontPage, WebDAV, Expression Web, SharePoint
- application firewalls and intrusion prevention systems
- tools, techniques, and checklists for securing and auditing Web servers
3. Security in Web Application Software Design
- sorting out the Web application environment building blocks and tools
- common vulnerabilities and attacks on Web applications: brute force attacks, privilege escalation, cross-site scripting, SQL injection, buffer overflow
- server-side web page scripting security: SSI, CGI, ASP, ASP.NET, PHP, JSP
- mobile code security: Java, ActiveX, VBScript, JavaScript, AJAX
- best practices for input validation and error handling
- software testing and assurance tools and techniques
- tools, techniques, and checklists for secure application design
4. Web Application Servers
- roles, architecture, and security control points for XML-oriented development environments and associated Web application servers
- assessing available security services and associated design best practices for the two prevailing Web application server environments:
  - Microsoft .NET Framework and associated ASP.NET components
  - Java 2 Enterprise Edition (J2EE)
- demystifying web services and Service Oriented Architectures (SOAs)
- tools and techniques for securing and auditing Web application servers and web services
Register: http://www.123signup.com/calendar?Org=isaca-chicago
When: November 9th & 10th, 2009
Location: Gleacher Center, 450 North Cityfront Plaza Drive
Time: 8:00 AM to 5:00 PM (registration & breakfast from 8:00 AM to 8:30 AM, class at 8:30 AM)
Cost: $250 members; non-members $450
CPE: Fifteen (15) hours