Application of theory to practice
My course on application security served a great deal in my professional work experience in the field of information technology. One of the critical course objectives that was very instrumental to me in the course of my work was web fundamentals and security configurations. After the completion of this topic, I was able to understand how a web application works and the security concepts that are associated with it. With this kind of know-how, I effectively interacted with the various applications hosted on the web at my place of work without worrying about security threats, as I could apply the acquired skills of defending the platforms. Apart from that, still under this topic on web fundamentals and security configurations, I was able to familiarize myself with the common pitfalls of the infrastructure along with web applications with the aim of properly securing them. This made it easier for me to detect when I was under threat while interacting with the organizational systems.
Apart from that, the other skill that I acquired in the course of pursuing the application security subject is cutting-edge web security. Some of the skills that were acquired in this case were clickjacking, DNS rebinding along with serialization security. In my work practice, I was able to apply the latest defensive tactics that could protect me against these forms of attacks. I was also able to cover the various security issues related to components of HTML5 and how to handle Unicode in the web applications world. With this kind of knowledge, I could apply the best practices in addressing the vulnerabilities surrounding such components. Besides, the other area that was covered in the pursuance of the topic on cutting-edge web security was the testing aspect of web application security. My familiarization with this subject area has sharpened my skills in navigating through the testing cycles of modern-day applications.
Web services and front-end security is the other section that was covered in the syllabus. In this case, I was able to gain skills in intrusion detection, the use of deception, as well as how to handle file uploads (Serrão, Díaz, & Cerullo, 2010). The knowledge in this area helped me in defending the various applications that I used at my workplace. Besides, the pursuance of the course also prepared me well in areas of security of JavaScript, XML, along with other web services. On completion of this unit in the subject, I was able to apply the best practices in the implementation of AJAX and web services.
Last but not least, defence against input-related threats is the other area of the subject that I found to be of relevance in my professional practice. There are various inputs that I interacted with in the course of my work, with the relevant sources being the applications, browsers, along with web services. The knowledge and skills gained on the topic of defence against input-related threats helped me in thwarting possible input attacks in my organization.
References
Serrão, C., Díaz, V. A., & Cerullo, F. (2010). Web application security: Iberic Web Application Security Conference, IBWAS 2009, Madrid, Spain, December 10-11, 2009: revised selected papers. Berlin: Springer.