Advanced Web App Protection Industrial Training


HTTP Basics

  1. How HTTP works
  2. Different request methods
  3. HTTP request/response examples
  4. Understanding HTTP error codes
  5. Use of cookies
  6. How to detect cookies
  7. Using HTTP interceptor tools
  8. Exercise
  9. Using Paros to intercept HTTP traffic
  10. Web Application Security

Why Web Application Security

  1. Understanding difference between network and application security
  2. Introduction to WASC
  3. Introduction to OWASP top 10
  4. Learning OWASP Vulnerabilities (Concept + Threat Modeling + Finding the vulnerability in a web application)
  5. XSS concepts.

SQL injection concepts

  1. Broken Authentication and Session Management

Learning OWASP Vulnerabilities continued

  1. Cross-Site Request Forgery (CSRF)
  2. Security Misconfiguration
  3. Insecure Cryptographic Storage
  4. Failure to Restrict URL Access
  5. Insufficient Transport Layer Protection
  6. Unvalidated Redirects and Forwards
  7. Malicious file execution
  8. Improper error handling

Introduction to WebInspect

  1. Learn what WebInspect is
  2. Installation and licensing policy
  3. Understand how WebInspect works and what types of security issues it finds
  4. Overview of the tool
  5. Typical workflow
  6. Preparation required before using this tool

Introduction and Case Study

  1. Web Hacking Case Studies
  2. Business Risks from Application Vulnerabilities

Web 2.0 Security

  1. What is Web 2.0?
  2. AJAX Vulnerabilities
  3. What are Web Services?
  4. Web Services Vulnerabilities

Threat Modeling – Web Application Security Controls

  1. Application Security – An Overview
  2. Threat Modeling – Objectives
  3. Threat Modeling – Meaning and terminology
  4. Hacker’s Interest Area
  5. Threat Profiling
  6. Practical Considerations
  7. Case Study

Introduction to Web Application Vulnerabilities

  1. OWASP Top Ten
  2. WASC List of Vulnerabilities

Functional vs. Security Testing

  1. What is Functional testing?
  2. What is Security testing?
  3. Differences
  4. Tools for Functional and Security testing

Web Application Insecurities: Practical Hands-On

  1. Demo of web vulnerabilities with insecure web applications

Secure Coding Techniques

  1. Best Practices
  2. Secure J2EE Programming
  3. Secure .NET Programming
  4. Secure PHP Programming

Significant OWASP Projects

  1. OWASP Development Guide
  2. OWASP Testing Guide
  3. OWASP Code Review Guide

Flash Attacks

IFrame Attacks

Continuous security testing and assessments

  1. Risk based approach
  2. Risks from Outsourcing
  3. Conducting VAPT, Source code audits, Infrastructure reviews
