Sold by: SANS Institute
Deployed on AWS
Learn to understand and mitigate vulnerabilities in web applications, APIs, and microservices. Covers OWASP Top 10 defenses, input validation, authentication and authorization, encryption, SOAP/REST/GraphQL API security, and secure integration of AI components into modern applications.
Overview
In the interconnected world of modern applications, HTTP is the universal language enabling cloud computing, microservices, APIs, and AI platforms to communicate. Whether securing a traditional web application, protecting cloud-native services, or defending AI model endpoints, the fundamentals remain the same.
What you will learn:
- Defend against OWASP Top 10 attacks including SQL injection, XSS, and CSRF
- Implement secure authentication with OAuth, SAML, SSO, and passwordless mechanisms
- Protect sessions and implement proper authorization controls
- Apply encryption best practices for data in transit and storage
- Secure SOAP, REST, and GraphQL APIs from common attacks
- Implement Content Security Policy and other browser-based defenses
- Address deserialization vulnerabilities and DNS rebinding
- Secure microservices architectures and AI component integrations
Labs provide realistic application environments where students explore attacks and implement defenses. The course culminates in a Defend the Flag capstone where participants identify vulnerabilities and apply mitigations under pressure.
36 CPEs over 6 days.
Highlights
- Defend against OWASP Top 10 attacks, secure authentication with OAuth/SAML/SSO, protect SOAP/REST/GraphQL APIs, and integrate AI components securely into modern applications
- 21 hands-on labs plus Defend the Flag capstone - covering SQL injection, XSS, CSRF, authentication, deserialization, DNS rebinding, and API security
- Prepares for GWEB certification (exam sold separately) - ideal for application security analysts, architects, and penetration testers. 36 CPEs, 6 days
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
SEC522 - Single User | Single user license for Cloud - SEC522: App Security: Securing Web Apps, APIs, & Microservices | $8,780.00 |
Vendor refund policy
Refund requests must be submitted by the deadline date specific to User's training event. To find the specific deadline date for User's training event, please go to training event link at <www.sans.org > and click on the cancellations link.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
Vendor support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
F5 Distributed Cloud Services is a suite of security, networking and application management services that enable customers to deploy, connect, secure, and manage any application or API across a broad array of public, private, network, and edge locations, revolutionizing how enterprises navigate the rapidly evolving digital landscape. Built on a globally distributed platform that provides secure network connectivity for workloads deployed in on-premises and public cloud environments, F5 Distributed Cloud Services are integrated into a consolidated software stack that can be consumed via SaaS or deployed locally in on-premises environments.
NGINX Plus combines the speed and performance of NGINX with the trust and security behind the power of F5. Protecting your web applications is easy using NGINX App Protect, a lightweight, modern application and API, software security solution that seamlessly integrates security policies into DevOps environments to enable security as code as either a robust Web Application Firewall (WAF), and/or as Layer 7 DoS defense. NGINX App Protect security solutions run natively on NGINX Plus to support all platforms, architectures and AWS hybrid environments while delivering consistent performance and protection across your entire infrastructure. NGINX Plus is cloud-native, and can be used as a reverse proxy, load balancer and API gateway. NGINX Plus provides scalability and high availability, DNS system discovery, and session persistence, along with monitoring to support debugging and diagnosing complex application architectures. Included in this subscription is NGINX's award-winning support.
Protecting your traditional HTTP and modern HTTP/2 web applications like gRPC and WebSocket is easy using NGINX App Protect DoS, a lightweight, modern application and API, software security solution that seamlessly integrates security policies into DevOps environments to enable security as code as a Layer 7 DoS defense. NGINX App Protect DoS establishes a baseline for normal traffic patterns using machine learning based algorithms and analysis of client behavior and application/API health, to significantly reduce operational costs and false positives. NGINX App Protect DoS runs on all platforms, architectures, and AWS hybrid environments delivering consistent protection. NGINX Plus is cloud-native, and can be used as a reverse proxy, load balancer and API gateway. NGINX Plus provides scalable and reliable high availability, DNS system discovery, and session persistence, along with monitoring to support debugging and diagnosing complex application architectures.
Protecting your traditional HTTP and modern HTTP/2 web applications like gRPC and WebSocket is easy using NGINX App Protect DoS, a lightweight, modern application and API, software security solution that seamlessly integrates security policies into DevOps environments to enable security as code as a Layer 7 DoS defense. NGINX App Protect DoS establishes a baseline for normal traffic patterns using machine learning based algorithms and analysis of client behavior and application/API health, to significantly reduce operational costs and false positives. NGINX App Protect DoS runs on all platforms, architectures, and AWS hybrid environments delivering consistent protection. NGINX Plus is cloud-native, and can be used as a reverse proxy, load balancer and API gateway. NGINX Plus provides scalable and reliable high availability, DNS system discovery, and session persistence, along with monitoring to support debugging and diagnosing complex application architectures. Included in this subscri
![App & API Protector Hybrid [BYOL]](https://d7umqicpi7263.cloudfront.net/img/product/535834a5-f2dd-4003-9820-3186a29e47e6.com/15d74fef26b3a9b0a4701bb67e8fa536)
Bring Akamais trusted App & API Protector into your AWS environment with a reverse proxy AMI delivering enterprise-grade WAF, API security, DDoS, and zero-day protection that go beyond AWS native tools.
Customer reviews
No customer reviews yet
Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.