Duration 3 Days
This three-day course provides in-depth knowledge about Web application security, explains common security terminology, and presents a set of proven security principles upon which many of the recommendations throughout this guide are based. It presents an overview of the security process and explains why a holistic approach to security that covers multiple layers, including the network, host and application, is required to achieve the goal of hack-resilient Web applications.
- This course focuses on the latest tools and techniques used in designing applications which provide data to those who need it while keeping the bad guys out.
- The candidate will have hands-on experience using current tools to detect and prevent Cross-Site Scripting (XSS) and SQL Injection, as well as an in-depth understanding of authentication and session management systems, their weaknesses, and how they are best defended.
- This course will focus on the OWASP Top 10 web application security guide.
- Module 1: Introduction to Web Application Security
- Module 2: OWASP Projects
- Module 3: Discovery and Identifying the Web Server, Web Application and Subsystem
- Module 4: Attack: Bypassing Client-Side Controls
- Module 5: Attack: Access Controls
- Module 6: Attack: Authentication and Session Management
- Module 7: Attack: Injecting Code
- Module 8: Attack: Cross-Site Scripting
- Module 9: Attack: Application Logic
- Module 10: Attack: Exploiting Information Disclosure
- Module 11: Attack: Buffer Overflow
- Module 12: Attack: Web Server
- Module 13: Finding Vulnerabilities in Source Code
- Knowledge about basic networking
- Knowledge about Information Security
- Knowledge about Web Application Technologies
WHO SHOULD ATTEND
- Web Application Programmers
- Systems/Network Administrators
- IT Auditors
- Anyone interested in learning the concepts of secure Web application design
- Information Security Professionals