What You Will Learn:
- Learn secure application design, testing and audit
- Learn the laws and standards affecting IT audit
Description
In this information-packed four-day seminar, we will cover, in depth, key building blocks of modern IT audit, physical and logical security, including identity and access management. We will pay particular attention to the threats and vulnerabilities affecting web-based e-commerce. We will place special emphasis on discovering best practices and standards for auditing web (HTTP) servers and application servers, and you will walk away with tools, techniques, and checklists for discovering and testing web and application server security.
We will also cover auditing database management systems within the context of robust but practical enterprise architecture and governance models, and go over web services and service-oriented architectures, including SOAP, REST, SOA, and ESB. Together, we will also review safeguard concepts and best practices for secure mobile and wireless applications. We will also discuss standards associated with privacy issues and intellectual property concerns.
TRAINING CONTENT
- Identity and Access Control Management (I&ACM) Architecture
- Web Application Architectures
- Auditing Web (HTTP) Servers
- Secure Application Design, Testing and Audit
- Auditing Application (Middleware) Servers
- Auditing Database Management Systems
- Web Services and Service-Oriented Architectures (SOA)
- Mobile Application Security and Audit
- Laws and Standards Affecting IT Audit
Who is this course for?
IT auditors with 5+ years of experience, or those tasked with auditing web servers, application servers, database management systems and enterprise architecture.
Prerequisites: Intermediate IT Audit School (ITG241) or Network Security Essentials (ASG203) or equivalent experience. Familiarity with basic IT controls terminology and concepts is assumed.