Offensive Application Security with OWASP Top 10-2013
Web applications present a complex set of security issues for architects, designers, and developers. The most secure and hack-resilient Web applications are those that have been built from the ground up with security in mind.
This program gives a head start to all those professionals working in IT-enabled organizations. We take you through Web Application Attacks with their core concepts along with Hands On Practice Sessions.
Program Details
Duration: 16 Hours (2 Days)
Fees: INR 6500/-
Who Should Attend:
- Application Programmers
- Test and QA Engineers
- Application Architects
- Project Leads and Managers
- Security Consultants
- (Anyone passionate about Application Security)
Prerequisites:
- Working Knowledge of Computer Systems
- Working Knowledge of Internet and Websites
- Basic Knowledge of Web Applications & Programming Concepts
Application Security Training Module with Hands On:
Getting Started with Application Security
- Understanding Application Security
- What are we trying to Secure?
- Core Pillars of Information Security: Confidentiality, Integrity, Availability
- Defining Threats, Vulnerabilities and Attacks
- What if there is No Security?
Security in SDLC
- Threat Modeling and Risk Assessment
- Secure Development
- Penetration Testing
- Deployment on Secure Network Architecture
Web Application Security Mechanisms
- Authentication
- Authorization
- Session Management
- Data Validation
- Cryptography
- Logging and Auditing
- Error and Exception Handling
Introduction to OWASP
- What is OWASP?
- Various Projects in OWASP
- What is the OWASP Top 10?
- Understanding OWASP 2013 Top 10
A1: Injection Based Attacks
- SQL Injection: Blind SQL Injection & Error Based Injection
- Code Injection
- Command Injection
A2: Broken Authentication & Session Management
- Session Fixation
- Session Hijacking
- Authentication Bypass
A3: Cross Site Scripting
- Content Spoofing
- Reflected XSS
- Stored XSS
A4: Insecure Direct Object Reference
- Reference Guessing
- Sequential Incremental
A5: Security Misconfiguration
- Race Conditions
- Network Eavesdropping
A6: Sensitive Data Exposure
- Local File Inclusion
- Directory Traversal Attack
- Insecure Cryptographic Storage
A7: Missing Function Level Access Control
- Horizontal Privilege Escalation
- Vertical Privilege Escalation
- Parameter Tampering
- Malicious File Upload
A8: Cross Site Request Forgery (CSRF)
- Crafting Fake Requests via Forms
- Using CSRF with XSS
A9: Components with Known Flaws
A10: Unvalidated Redirects and Forwards
- URL Tokens
- Phishing