About the Course
The Application Security training program is designed to make participants aware of common web application vulnerabilities and the impact they can have on businesses. The course also covers effective defense mechanisms and the use of best practices to mitigate the risk of attacks. It focuses on the latest hacking attacks targeted at different platforms and networks and covers countermeasures to secure IT infrastructure, with emphasis on the OWASP Top 10 and SANS Top 25 vulnerabilities and risks.
Topics Covered
Topic 1: Introduction
• Welcome
• Motivation
• Course Objectives
• Course Overview
• The Software Development Lifecycle (SDLC)
• Security in the SDLC
• The Importance of Security Requirements
• Application Security in Context
• Lab Exercise: Requiring Security
• Quiz
Topic 2: A Taxonomy of Web Application Vulnerabilities
• Debug Info in Prod
• Denial of Service
• Failure to Respond to Attack
• Failure to Verify Integrity
• HTTP
• Information Leakage
• Injection
• Insecure Coding
• Insecure I/O
• Insecure Platform
• Intentional
• Poor Access Control
• Poor Certificate Management
• Poor Input Validation
• Poor Password Management
• Poor Session Management
• Race Condition
• Replay
• Sensitive Info Exposure
• Trusting DNS
• Lab Exercise: The OWASP Top 10
• Quiz
Topic 3: Using a Web Proxy
• Viewing Web Page Source
• Example: Tamper Data
• Violating Designer Assumptions
• Errors vs. Unexpected Behavior
• Crafting Malicious Input
• Example: Burp Proxy
• Example: OWASP ZAP
• Lab Exercise: Injection Rejection
• Quiz
Topic 4: Detecting XSS
• What is Cross-site Scripting?
• Example: Cross-site Scripting
• Detecting XSS Vulnerabilities
• Case Study: But I don’t Like Spam
• Lab Exercise: XSS Attacks
• Quiz
Topic 5: Detecting SQL Injection
• What is SQL Injection?
• Case Study: I Still Don’t Like Spam
• Detecting SQLi Vulnerabilities
• Lab Exercise: SQLi Attacks
• Quiz
Topic 6: Detecting Command Injection
• What is Command Injection?
• Case Study: Do the Math
• Detecting Command Injection Vulnerabilities
• Other Injection Attacks
• Lab Exercise: Taking Command
• Quiz
Topic 7: Detecting Access Control Vulnerabilities
• Password Strength & Management
• Testing for Account Enumeration
• Navigate Your Way
• Testing for Client Side Access Control
• Roles, Accounts, and Permissions
• Testing for Cross-site Request Forgery
• Testing for Path Traversal
• Testing for Horizontal Escalation
• Testing for Replay
• Testing for Session Fixation
• Testing for Session Termination
• Lab Exercise: Out of Control
• Quiz
Topic 8: Detecting Other Vulnerabilities
• Parameter Mayhem
• Sensitive Information Exposure
• Event Timing
• File Uploads and Transfers
• Testing for Denial of Service
• Lab Exercise: Go Get ’Em
• Quiz
Topic 9: Miscellaneous Topics
• Application Security in Perspective
• Security Manager Design Pattern
• Avoiding Common Vulnerabilities
• Security in the SDLC
• The Security Design Review
• The OWASP ESAPI
Who should attend
- IT/Security professionals
- Developers/Code reviewers
- Security Testers/Ethical Hackers
- Security Analysts
- Security Enthusiasts/Students
Pre-requisites
- Basic understanding of computing
- Know-how of web applications
- Networking know-how
- Open mind
What you need to bring
PC/Laptop with a high-speed Internet connection.
Key Takeaways
- Course Materials (soft copies)
- Videos/Lectures/PDFs
- Security Tools
- Practice Questions/material