"Application Security Training" is no longer available

R T Nagar, Bangalore

Course ID: 43459

Date and Time

Not decided yet.

Vipin

B. Tech

2 Years of Experience

About Vipin

4 Years of Experience.

About the Course

The course focuses on web application security. It covers the security guidelines and considerations in web application development. Participants will learn the basics of application security, how to enforce security on a web application, and the basics of threat modeling, threat profiling, OWASP Top Ten testing, black box testing, and source code reviews.

Objectives of the course

Upon completion of this course, participants will be able to:



  • Understand the need for security

  • Understand the various security threats and countermeasures

  • Design and develop secure web applications


Who should attend this training?



  • All web app developers, testers, designers who wish to improve their security skills

  • Developers and System Architects wishing to improve their security skills and awareness

  • Team Leaders and Project Managers

  • Security practitioners and managers

  • Auditors

  • People who want to learn the techniques for securing web applications

  • QA analysts who want to learn the mechanics of web applications for better testing


Course Contents

Session One: Introduction & Case Studies



  • Introduction to Web Applications

  • Understanding Web Application Architecture

  • HTTP Protocol Basics

  • HTTP Attack Vectors

  • HTTPS vs HTTP

  • Introduction to VAPT

  • Introduction to Application Security

  • Application Security Risks

  • Case Studies


Session Two: OWASP Top 10 2017 RC2



  • Global Standards/Frameworks


    • SANS Top 25 Software Errors

    • WASC

    • NIST

    • OWASP



  • What is OWASP

  • Significant OWASP Projects

  • OWASP Top 10

  • The OWASP Top 10 for WebAppSec


    • A1 - Injection

    • A2 - Broken Authentication and Session Management

    • A3 - Sensitive Data Exposure

    • A4 - XML External Entity (XXE)

    • A5 - Broken Access Control

    • A6 - Security Misconfiguration

    • A7 - Cross-Site Scripting (XSS)

    • A8 - Insecure Deserialization

    • A9 - Using Components with Known Vulnerabilities

    • A10 - Insufficient Logging & Monitoring



  • Countermeasures of OWASP Top 10 2017 RC2


Session Three: Beyond OWASP



  • CSRF


    • Understanding the vulnerability

    • Discovering the vulnerability

    • Attacking the Issue

    • Impact & Countermeasure



  • SSRF


    • Understanding the vulnerability

    • Discovering the vulnerability

    • Attacking the Issue

    • Impact & Countermeasure



  • Clickjacking


    • Understanding the vulnerability

    • Discovering the vulnerability

    • Attacking the Issue

    • Impact & Countermeasure




Session Four: Scanners & Interpreting Scan Reports



  • Web Application Scanners


    • Netsparker

    • Nessus

    • Acunetix

    • AppScan

    • WebInspect

    • NeXpose



  • Profiling the Scans

  • Interpreting Scanner Reports

  • Open source Tools and Testing Methodologies


    • Vega

    • OWASP OWTF




Session Five: API Insecurity



  • API Insecurity


    • Introduction to API & API Security

    • SOAP vs REST

    • Case Studies

    • Common API Vulnerabilities



  • Core Toolset for API Testing

  • Attacks on API

  • API Assessment Approach

  • Bot Defense for API

  • How to stop API Attacks?


Session Six: Practical Tips For Defending Web Application & API



  • Common Mistakes in Development

  • Security Best Practices for Web Application & API Security

  • Secure SDLC


    • Threat Modelling

    • Source Code Review

    • VAPT



  • DevSecOps


    • What is DevSecOps

    • DevSecOps vs Secure SDLC

    • DevSecOps for API Security




*Note: We are flexible with the batch timings and students will be provided the timing slots according to their preferences.
