Web Application Security Essentials Training

Web Application Security Essentials Training

Web Applications are increasingly distributed. What used to be a complex monolithic application hosted on premise has become a distributed set of services incorporating on-premise legacy applications along with interfaces to cloud-hosted and cloud-native components. Because of this coupled with a lack of security knowledge, web applications are exposing sensitive corporate data. Security professionals are asked to provide validated and scalable solutions to secure this content in line with best industry practices using modern web application frameworks. Attending this class will not only raise awareness about common security flaws in modern web applications, but it will also teach students how to recognize and mitigate these flaws early and efficiently.

Overview

The course is aligned with the OWASP 10, a world-renowned reference document which describes the most critical web application security flaws.
The topics covered include:

  • Introduction to Web Application Security
  • Technologies used in Web Applications
  • The Security Tester Toolkit
  • Critical Areas in Web Applications
  • Broken Access Control
  • Cryptographic Failures
  • Injection
  • Insecure Design
  • Security Misconfiguration
  • Vulnerable and Outdated Components
  • Identification and Authentication Failures
  • Software and Data Integrity Failures
  • Security Logging and Monitoring Failures
  • Server Side Request Forgery (SSRF)

    • Format: The course combines theory and hands-on practical exercises. The participants start by learning about web application vulnerabilities. They are then given access to a purpose-built web application environment that contains the bugs and coding errors they have learned about. This provides an ideal ‘real-life’ opportunity to exploit these vulnerabilities using different open source tools and techniques in a safe environment.

    Duration: 2 days (16 hours)

    Vendor: OWASP

Skills Learned:

  • Defend against the attacks specified in OWASP Top 10
  • Infrastructure security and configuration management
  • Securely integrating cloud components into a web application
  • Learn about Authentication and authorization mechanisms, including single sign-on patterns
  • Understand cross-domain web request security
  • Leverage protective HTTP headers
  • Defending SOAP, REST and GraphQL APIs
  • Securely implement Microservice architecture
  • Defending against input related flaws such as SQL injection, XSS and CSRF

Participants are given access to a purpose-built web application that contains vulnerabilities discussed during the course and are asked.

A1:2017-Injeksi

A2:2017-Broken Authentication

A3:2017-Sensitive Data Exposure

A4:2017-XML External Entities (XXE)

A5:2017-Broken Access Control

A6:2017-Security Misconfiguration

A7:2017-Cross-Site Scripting (XSS)

A8:2017-Insecure Deserialization

A9:2017-Using Components with Known Vulnerabilities

A10:2017-Insufficient Logging&Monitoring

Contact Us

info@berjayateknologisiber.com

Contact Us

Information Trainings