Web App Protection Industrial Training


HTTP Basics

  1. How HTTP works
  2. Different Request methods
  3. HTTP request/response examples
  4. Understanding HTTP error codes
  5. Use of cookies
  6. How to detect cookies
  7. Using HTTP interceptor tools
  8. Exercise
  9. Using Paros to intercept HTTP traffic
  10. Web Application Security

Why Web Application Security

  1. Understanding difference between network and application security
  2. Introduction to WASC
  3. Introduction to OWASP top 10
  4. Learning OWASP Vulnerabilities (Concept + Threat Modeling + Finding out the vulnerability in a web application)
  5. XSS concepts

SQL injection concepts

  1. Broken Authentication and Session Management

Learning OWASP Vulnerabilities continued

  1. Cross-Site Request Forgery (CSRF)
  2. Security Misconfiguration
  3. Insecure Cryptographic Storage
  4. Failure to Restrict URL Access
  5. Insufficient Transport Layer Protection
  6. Unvalidated Redirects and Forwards
  7. Malicious file execution
  8. Improper error handling

Introduction to Web Inspect

  1. Learn what Web Inspect is
  2. Installation and licensing policy
  3. Understand how Web Inspect works and what types of security issues it finds
  4. Overview of the tool
  5. Typical workflow
  6. Preparation required before using this tool

Introduction and Case Study

  1. Web Hacking Case Studies
  2. Business Risks from Application Vulnerabilities
