Web Application Security Training

Course Duration: 60 Hours
Pre-Requisite: Basic Knowledge of Internet
Course Training Fee: ₹ 15,000 + Service Tax
Fee Included: Training, Books, E-Books, Tools, Software and certification
Free: 2 years free membership of Corecode HACKING Team

Course Content:

Basics of Web Application Security

HTTP Basics
How HTTP works
Different request methods
HTTP request/response examples
Understanding HTTP error codes
Use of cookies
How to detect cookies
Using HTTP interceptor tools
Using Paros to intercept HTTP traffic

Web Application Security

Why web application security?
Understanding the difference between network and application security
Introduction to WASC
Introduction to OWASP Top 10
Learning OWASP vulnerabilities (concept + threat modeling + finding the vulnerability in a web application)
XSS concepts
SQL injection concepts
Broken Authentication and Session Management

Learning OWASP vulnerabilities (continued)
Cross-Site Request Forgery (CSRF)
Security Misconfiguration
Insecure Cryptographic Storage
Failure to Restrict URL Access
Insufficient Transport Layer Protection
Unvalidated Redirects and Forwards
Malicious file execution
Improper error handling

Introduction to WebInspect
Learn what WebInspect is
Installation and licensing policy
Understand how WebInspect works and what types of security issues it finds
Overview of the tool
Typical workflow
Preparation required before using this tool

Session One: Introduction and Case Study
Module 1: Web Hacking Case Studies
Module 2: Business Risks from Application Vulnerabilities

Session Two: Web 2.0 Security
Module 3: What is Web 2.0?
Module 4: AJAX Vulnerabilities
Module 5: What are Web Services?
Module 6: Web Services Vulnerabilities

Session Three: Threat Modeling – Web Application Security Controls
Module 7: Application Security – An Overview
Module 8: Threat Modeling – Objectives
Module 9: Threat Modeling – Meaning and terminology
Module 10: Hacker’s Interest Area
Module 11: Threat Profiling
Module 12: Practical Considerations
Module 13: Case Study

Session Four: Introduction to web application vulnerabilities
Module 14: OWASP Top Ten
Module 15: WASC List of Vulnerabilities

Session Five: Functional vs. Security Testing
Module 16: What is Functional testing?
Module 17: What is Security testing?
Module 18: Differences
Module 19: Tools for Functional and Security testing

Session Six: Web Application Insecurities – Practical Hands-on
Module 20: Demo of web vulnerabilities with insecure web applications

Session Seven: Secure Coding Techniques
Module 21: Best Practices
Module 22: Secure J2EE Programming
Module 23: Secure .NET Programming
Module 24: Secure PHP Programming

Session Eight: Significant OWASP Projects
Module 25: OWASP Development Guide
Module 26: OWASP Testing Guide
Module 27: OWASP Code Review Guide

Session Nine: Flash Attacks
Session Ten: IFrame Attacks

Session Eleven: Continuous security testing and assessments
Module 28: Risk-based approach
Module 29: Risks from outsourcing
Module 30: Conducting VAPT, source code audits, infrastructure reviews