Offensive Application Security with OWASP Top 10-2013
Web applications present a complex set of security issues for architects, designers, and developers. The most secure and hack-resilient Web applications are those that have been built from the ground up with security in mind.
This program gives a head start to all those professionals woking in IT enabled organizations. We take you through Web Application Attacks with their core concepts along with Hands On Practice Sessions.
Program Details
| Duration: | 16 Hours (2 Days) |
| Fees: | INR 6500/- |
| Who Should Attend: | Application Programmers |
| Test and QA Engineers | |
| Application Architects | |
| Project Leads and Managers | |
| Security Consultants | |
| (Anyone, passionate for Application Security) | |
| Prerequisites: | Working Knowledge of Computer Systems |
| Working Knowledge of Internet and Website | |
| Basic Knowledge of Web Applications & Programming Concepts |
Application Security Training Module with Hands On:
Getting Started with Application Security
- Understanding Application Security
- What are wy trying to Secure?
- Core Pillars of Information Security: Confidentiality, Integrity, Availability
- Defining Threats, Vulnerabilities and Attacks
- What if there is No Security?
Security in SDLC
- Threat Modeling and Risk Assessment
- Secure Development
- Penetration Testing
- Deployment on Secure Network Architecture
Web Application Security Mechanisms
- Authentication
- Authorization
- Session Management
- Data Validation
- Cryptography
- Logging and Auditing
- Error and Exception Handling
Introduction to OWASP
- What is OWASP?
- Various Projects in OWASP
- What is OWASP Top 10
- Understanding OWASP 2013 Top 10
A1: Injection Based Attacks
- SQL Injection: Blind SQL Injection & Error Based Injection
- Code Injection
- Command Injection
A2: Broken Authentication & Session Management
- Session Fixation
- Session Hijacking
- Authentication Bypass
A3: Cross Site Scripting
- Content Spoofing
- Reflected XSS
- Stored XSS
A4: Insecure Direct Object Reference
- Reference Guessing
- Sequential Incremental
A5: Security Misconfiguration
- Race Conditions
- Network Eavesdropping
A6: Sensitive Data Exposure
- Local File Inclusion
- Directory Traversal Attack
- Insecure Cryptographic Storage
A7: Missing Function Level Access Control
- Horizontal Privilege Escalation
- Vertical Privilege Escalation
- Parameter Tampering
- Malicious File Upload
A8: Cross Site Request Forgery(CSRF)
- Crafing Fake Request via Forms
- Using CSRF with XSS
A9: Components with Known Flaws
A10: Unvalidated Redirects and Forwards
- URL Tokens
- Phishing
Let's Begin Security
- FREE Scan for SQL Injection and XSS Flaws for Web Applications
- FREE Port Scanning and Service Identification for Servers
- FREE Trial on Policy Review and Tunneling Holes for Firewals
