Web Application Security
The intent of the Web Application Security Knowledge Unit is to provide students with an understanding of technology, tools, and practices associated with web applications.
Topics
- Web Application Technologies
a. HTTP Protocol
b. Encoding Schemes
c. Web Application architectures
d. AJAX
e. XML and JSON
- Authentication
- Access Controls
- Application Server Vulnerabilities
Outcomes
- Examine concepts of web application technologies and security issues associated with them.
- Describe approaches used in the development and deployment of secure web applications.
- Explain how web applications are operated in a secure manner.
KSA-T
Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.
Learn more about the KSA-Ts.
ID | DESCRIPTION
--- | ---
K0070 | Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
K0624 | Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
K0089 | Knowledge of systems diagnostic tools and fault identification techniques.
K0161 | Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
K0143 | Knowledge of front-end collection systems, including traffic collection, filtering, and selection.
K0056 | Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
K0065 | Knowledge of policy-based and risk adaptive access controls.
K0007 | Knowledge of authentication, authorization, and access control methods.
K0033 | Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
K0009 | Knowledge of application vulnerabilities.
ID | DESCRIPTION
--- | ---
S0031 | Skill in developing and applying security system access controls.
S0095 | Skill in identifying common encoding techniques (e.g., Exclusive Disjunction [XOR], American Standard Code for Information Interchange [ASCII], Unicode, Base64, Uuencode, Uniform Resource Locator [URL] encode).
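As an added example of the encoding-identification skill S0095 describes (this is not part of the Knowledge Unit and not code from any named project), the script below takes the same request line in URL-encoded, hex, Base64, uuencoded and plain ASCII form, guesses which encoding each one uses, decodes it, and recovers a single-byte XOR key by brute force. The helper names (`identify_encoding`, `_decode_uu`, `xor_single_byte`) and the sample strings are assumptions constructed for the example; only the Python standard library is used.

```python
import base64
import binascii
import re
from urllib.parse import unquote_to_bytes

# Hypothetical helpers written for this example; the regexes are deliberately
# strict so that a plain word is not mistaken for an encoded blob.
_URL_RE = re.compile(r"%[0-9A-Fa-f]{2}")
_HEX_RE = re.compile(r"^(?:[0-9A-Fa-f]{2})+$")
_B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def identify_encoding(text: str):
    """Guess the encoding of `text` and return (label, decoded_bytes).

    Checks run from most to least specific.  Hex is tested before Base64
    because every hex string is also made of Base64 characters; a short
    Base64 token that happens to use only 0-9A-F would still be labelled
    hex, so treat the label as a hint, not a proof.
    """
    if text.startswith("begin "):          # uuencode header: begin <mode> <name>
        return "uuencode", _decode_uu(text)
    if _URL_RE.search(text):               # at least one %XX escape
        return "url", unquote_to_bytes(text)
    if _HEX_RE.match(text):                # even number of hex digits only
        return "hex", bytes.fromhex(text)
    if _B64_RE.match(text) and len(text) % 4 == 0:
        try:
            return "base64", base64.b64decode(text, validate=True)
        except binascii.Error:
            pass                           # alphabet matched but padding/length did not
    return "ascii", text.encode("ascii", errors="replace")


def _decode_uu(text: str) -> bytes:
    """Decode a uuencoded block: 'begin ...' line, data lines, '`', 'end'."""
    out = bytearray()
    for line in text.splitlines()[1:]:
        if line.strip() == "end":
            break
        if line:                           # a2b_uu handles the '`' (zero-length) line
            out += binascii.a2b_uu(line)
    return bytes(out)


def xor_single_byte(data: bytes):
    """Brute-force a one-byte XOR key.

    Each of the 256 candidate plaintexts is scored on how many bytes are
    ASCII letters or spaces, which dominate HTTP-style text; the best
    scoring key wins.  Returns (key, plaintext).
    """
    def score(pt: bytes) -> int:
        return sum(1 for b in pt
                   if b == 0x20 or 0x41 <= b <= 0x5A or 0x61 <= b <= 0x7A)

    best = max(range(256), key=lambda k: score(bytes(b ^ k for b in data)))
    return best, bytes(b ^ best for b in data)


# Constructed sample: one request line in five encodings plus an XOR'd copy.
PLAIN = b"GET /admin HTTP/1.1"
SAMPLES = {
    "url":      "GET%20%2Fadmin%20HTTP%2F1.1",
    "hex":      "474554202f61646d696e20485454502f312e31",
    "base64":   "R0VUIC9hZG1pbiBIVFRQLzEuMQ==",
    "uuencode": "begin 644 req.txt\n" + binascii.b2a_uu(PLAIN).decode() + "`\nend\n",
    "ascii":    PLAIN.decode(),
}
XOR_SAMPLE = bytes(b ^ 0x5A for b in PLAIN)   # key 0x5A, constructed


def classify_all():
    """Run identify_encoding over every sample; returns {label: (guess, bytes)}."""
    return {label: identify_encoding(s) for label, s in SAMPLES.items()}


if __name__ == "__main__":
    for label, (guess, decoded) in classify_all().items():
        print(f"{label:9s} -> {guess:9s} {decoded!r}")
    key, pt = xor_single_byte(XOR_SAMPLE)
    print(f"xor       -> key=0x{key:02x} {pt!r}")
```

The check order is the design decision that matters: URL, hex and Base64 alphabets overlap, so a classifier that tests Base64 first will swallow hex strings, and one that accepts any Base64-alphabet string without the length and padding check will decode ordinary words into garbage. When triaging real log data, run the decoder, then look at whether the output is itself readable or another layer of encoding (attackers routinely stack URL encoding on top of Base64).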