The LAMP (Linux, Apache, MySQL and PHP) web service stack is one of the most popular choices for developing and deploying web applications. Due to the rich set of features and the complexity of this bundle, special attention must be paid to its security configuration.
With the introduction of wide-ranging and impactful legislation and requirements for privacy and data security (like GDPR), a radical yet powerful cryptography-based solution is gaining traction and relevance. The “Untrusted Server” model assumes the Web application backend will never have access to customers’ data in plaintext, thereby negating almost all impact of data breaches – just as the server is unable to decrypt users’ data, so is the attacker.
By popular demand, CyResLab has developed a version of the "Top 10 Web Threats" course for QA specialists. The course shifts focus from secure coding and programming countermeasures to security defect detection and analysis (a.k.a. triage), as well as the tools that are needed to master this process.
This advanced hands-on course picks up where “Top 10 Web Threats” left off – namely, it deepens the understanding of the top vulnerabilities and broadens the scope of vulnerabilities that are discussed.
Various sources report that between 20% and 60% of websites each have at least one serious vulnerability. A serious issue is the diversity of threats on Web platforms – different types of attacks can shut down entire services, steal valuable data, impersonate legitimate sites, intercept data on-the-fly, forge user actions, etc.