Web Application Security Training

ICT NETWORLD LIMITED > Web Application Security Training

Web application security, the subject of this WAPT (Web Application Penetration Testing) training, is the branch of information security that deals specifically with the security of websites, web applications and web services. At a high level it draws on the principles of application security but applies them to Internet and Web systems. Web applications are typically developed in languages and frameworks such as PHP, Java and Java EE, Python, Ruby, ASP.NET (C# or VB.NET) and Classic ASP. In the race to deliver online services, many web applications have been developed and deployed with minimal attention to security risks, leaving a surprising number of corporate sites vulnerable to attackers. Prominent sites in regulated industries including financial services, government, healthcare and retail are probed daily; some banks have reported being probed as many as 50 times a day. The consequences of a breach are severe: lost revenue, damaged credibility, legal liability and loss of customer trust.

Web applications perform most major tasks and website functions. They include forms that collect personal, classified and confidential information such as medical history, credit card and bank account details, as well as user satisfaction feedback. Gartner has noted that almost 75 percent of attacks are tunnelling through web applications. Web application security is therefore a significant privacy and risk compliance concern that remains largely unaddressed.

This course covers the basic concepts and terminology needed to understand application security issues. It defines application-level security and shows how its concerns extend beyond those of traditional infrastructure security: a firewall passes a well-formed HTTP request whether or not its parameters carry an attack. The course explains common application security vulnerabilities such as SQL injection, Cross-Site Scripting (XSS) and authorization flaws. With this knowledge, developers, QA testers and security personnel will be able to address application-level threats.

Who should attend this web application security course?

  • Security professionals, developers, project managers and quality assurance staff
  • Programmers who want to design and develop secure applications and identify potential security vulnerabilities early in the development process

PRE-REQUISITE

Strong programming skills and a good knowledge of web technologies. Familiarity with C, HTML, Java/.NET or PHP is an added advantage.

Course Outline

  • Introduction to Web Applications
        • Introduction to Web Applications
        • Types of Web Applications
        • Uses of Web Applications
        • Advantages and Disadvantages of Web Applications
        • Designing Your First Web Application
        • Common Attacks on Web Applications
  • Introduction to Databases
        • Introduction to Databases
        • Different Types of Databases
        • Uses of Databases
        • Advantages and Disadvantages of Databases
        • Connecting a Database to a Web Application
        • Common Attacks on Databases
  • Basics of Web Application Programming
        • HTML
        • JavaScript
        • PHP
        • SQL
  • OWASP Top 10 (2010 edition)
        • SQL Injection
        • Cross-Site Scripting (XSS)
        • Broken Authentication & Session Management
        • Insecure Direct Object References
        • Cross-Site Request Forgery (CSRF)
        • Security Misconfiguration
        • Insecure Cryptographic Storage
        • Failure to Restrict URL Access
        • Insufficient Transport Layer Protection
        • Unvalidated Redirects and Forwards
  • Implementing the OWASP Top 10 on DVWA and WebGoat
        • Overview of DVWA
        • Installation of DVWA
        • Introduction to WebGoat
        • Configuring WebGoat
        • Installation of WAMP or XAMPP
        • Demonstration of the OWASP Top 10 on DVWA & WebGoat
  • PHP & Java Injection
        • Introduction to PHP Injection
        • Introduction to Java Injection
        • Bypassing Authentication Using PHP & Java Injection
        • Injecting Malicious Scripts Using PHP & Java Injection
  • CMS Hacking (Joomla, WordPress)
        • CMS Overview
        • Introduction to Joomla & WordPress
        • Installation and Configuration of Joomla & WordPress
        • Control Panel Handling in Joomla & WordPress
        • Your First Site in Joomla & WordPress
        • Hacking a CMS Using Vulnerable Plugins
        • Countermeasures
  • Automatic & Manual Vulnerability Finding
        • Finding Vulnerabilities Using Search Engines
        • Finding Vulnerabilities Using Browser Add-ons & Plugins
        • Tools for Finding Vulnerabilities
        • Countermeasures
  • Web Scanners & Proxies (Hands-on Practice)
        • Acunetix
        • AppScan
        • Netsparker
        • Havij
        • WebScarab
        • Burp Suite
        • OWASP ZAP
  • Sniffing & DNS/ARP Poisoning
        • Wireshark
        • Cain & Abel
        • Xplico
        • Ettercap
        • NetworkMiner
  • Session Hijacking
        • HTTP Session Hijacking
        • HTTPS Session Hijacking
        • Cookie Stealing
  • URL & Website Virus Scanning
        • URL Filtering & Scanning
        • Website Scanning for Malicious Scripts
        • Safe Surfing & Downloading Tips
        • Browser Security
  • Designing Website Trackers
        • What Are Website Trackers?
        • Custom Trackers
        • Websites for Online Tracking
        • Implementing a Tracker in Web Pages
  • Web Server (Apache, IIS) Vulnerability Testing
        • Common Vulnerabilities in Web Servers
        • Tool-Based Testing
        • Manual Testing
        • Countermeasures
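The outline lists SQL Injection under the OWASP Top 10 and authentication bypass under PHP & Java Injection. The script below is an added illustration of the mechanics both topics depend on; it is not part of the course material. It builds a login query by string concatenation, sends the two classic bypass payloads through it, and then shows the parameterised query that stops them. SQLite is used so it runs offline; the users table, the account "alice", its password and the payloads are all constructed for the demo.

```python
import sqlite3

# Constructed demo data, not from the course or any real system. The password is
# stored in plaintext only to keep the injection mechanics visible; a real
# application stores a salted hash (cf. "Insecure Cryptographic Storage" above).
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    conn.commit()
    return conn


def build_vulnerable_query(username: str, password: str) -> str:
    """The injection sink: form input is spliced straight into the SQL text."""
    return (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Typical insecure login: whoever controls the form fields controls the query."""
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened login: placeholders bind the input as data, so quotes and comment
    markers inside it never reach the SQL parser as syntax."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


# Two classic authentication-bypass payloads (constructed for the demo):
#   1. Close the string and comment out the password check:  alice' --
#   2. Tautology in both fields: ... OR '1'='1' makes the WHERE clause always true
PAYLOADS = {
    "comment_out_password": ("alice' --", "anything"),
    "tautology": ("' OR '1'='1", "' OR '1'='1"),
}


def run_demo() -> dict:
    """For each payload: the query the vulnerable code actually sends, and whether
    each login function lets the attacker in."""
    conn = build_db()
    results = {}
    for name, (user, pw) in PAYLOADS.items():
        results[name] = {
            "query": build_vulnerable_query(user, pw),
            "vulnerable_login": login_vulnerable(conn, user, pw),
            "parameterized_login": login_parameterized(conn, user, pw),
        }
    return results


if __name__ == "__main__":
    for name, r in run_demo().items():
        print(f"[{name}]")
        print("  query sent by vulnerable login:", r["query"])
        print("  vulnerable login bypassed:     ", r["vulnerable_login"])
        print("  parameterized login bypassed:  ", r["parameterized_login"])
```

Both payloads log in as alice through `login_vulnerable` and are rejected by `login_parameterized`. The comment-marker payload is dialect-sensitive (MySQL, for example, needs whitespace after `--`, and `#` is often used instead); the tautology payload is not, which is why it is the one usually taught first. Neither is defeated by hiding the error message or by escaping a single quote character in one place; binding parameters everywhere is the fix.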

Register for this Batch
