ABSTRACT
The Application Security Training is a “1 Day Hands-On Training”. It is intended for students and professionals interested in making a career in the Information Security domain. The training works through real-world scenarios that every security professional must be well versed in, and involves decompiling, real-time analysis and testing of applications from a security standpoint.
This training covers the internals of web and mobile applications, real-time testing of web and Android applications, and a strategic approach to analyzing applications for OWASP Top 10 (Web) security issues such as Injections, Cross-Site Scripting (XSS), CSRF attacks, insecure APIs, insecure logging, insecure communication, insufficient cryptography, insecure authentication, poor code quality and many more.
WHO THIS TRAINING IS FOR?
● Students interested in Application Security
● Security Analysts/Researchers.
● IT Professionals working in Web Application Development domain.
● IT professionals working in Information Technology-Security domain.
KEY TAKEAWAYS
● Understanding of manual & automated tools and techniques and when to apply them.
● Clear understanding of the Web Application Penetration Testing
● Ability to analyze a Web Application from a Security Standpoint
● Gain confidence in customizing your Application Security Testing Approach to suit the application-specific pentesting needs, by gaining clarity on the powerful features of Burp Suite Tool
● Build a clear scope to prioritize your security testing
What will be covered
- Opening
  - About the class
  - About OWASP
- Introduction
  - Security awareness / hacker mindset
  - Introduction to the training environment and tools
- Reconnaissance
  - Web application reconnaissance
  - HTTP / HTTPS basics
  - Web application and web server fingerprinting
- Most common vulnerabilities, detection, and exploitation (3 hours)
  - XSS (HTML, Attribute, DOM)
  - SQLi
  - IDOR vulnerabilities
  - XXE
  - SSRF
  - File upload vulnerabilities
  - Insecure API
- Where to go from here
  - Introduction to cloud security (AWS, Azure)
  - SCADA
  - Embedded
- Recap
Prerequisites
- Laptop with
  - Workshop software installed and configured as specified in the PDF at the end of this page (please do this BEFORE the workshop)
  - Make sure you have actually run a virtual image before
  - Minimum 4 GB RAM
  - 10 GB free space
  - VMware or VirtualBox installed
  - If possible, administrator privileges
- Basic understanding of software development and/or networking
Upon Completion of this training, attendees will know
● Understanding of manual & automated tools and techniques and when to apply them.
● Clear understanding of the Web Application Penetration Testing
● Ability to analyse a Web Application from a Security Standpoint
● Gain confidence in customising your Application Security Testing Approach to suit the application-specific pen-testing needs, by gaining clarity on the powerful features of Burp Suite Tool
● Build a clear scope to prioritise your security testing
Attendees will be provided with (by trainer)
Training Deck
Virtual Machines
Answer Sheets
Help in revisiting the session challenges post the class