Secure Application Development (TN - 204)

Trainings - Application Security

This course helps professionals involved in the software development lifecycle understand web application vulnerabilities, their countermeasures, and the risk posed by application security weaknesses. It covers common attacks and their mitigations, bridging the application security gap between development and information security staff.

Target Audience

  1. Application developers, QA engineers, architects, technical leads, project managers, information security analysts, and other professionals interested in learning about web application security attacks and their countermeasures.

Mandatory Pre-requisites

  1. Basic Technical Background

Helpful Skills

  1. Knowledge of web applications

Course Contents

The Need for Application Security

  • Web Hacking Statistics
  • Past Incidents
  • Application Security Assumptions
  • Application Security Changing Landscape
  • Application Security Challenges
  • Measurable Benefits
  • Return on Application Security Investment
  • Application Security Essentials

Goals of Application Security

  • Traditional SDLC vs. Secure SDLC
  • Application Security Approach
  • Secure Application Design Principles
  • Application Security Modules

Web Application Basics

  • The HTTP Protocol
  • Web Functionality
  • Server-side Functionality
  • Client-side Functionality
  • Sessions
  • Encoding Schemes

OWASP Top 10

  • What is OWASP?
  • OWASP Top 10 Vulnerabilities and Countermeasures

Information Gathering

  • Web Spidering
  • Google Hacking
  • Identify Application Entry Points
  • Application Discovery

Authentication

  • Introduction
  • Authentication Methods
  • Weak Authentication
  • Brute-Force Attacks
  • Exploiting Authentication – Live demonstration
  • Countermeasures To Stop Authentication Attacks

Authorization

  • Introduction
  • Authorization Methods
  • Broken Authorization
  • Attacking Broken Authorization – Live demonstration
  • Preventing Authorization Attacks

Session Management

  • Introduction
  • Session Management Mechanisms and Problems
  • Session Fixation Attacks
  • Cookie Poisoning/Manipulation
  • Attacking Poor Session Management – Live demonstration
  • Preventing Session Management Attacks

Data Validation

  • Introduction
  • Cross-Site Scripting (XSS) Attack – Live demonstration
  • Risk of Cross-Site Scripting
  • Preventing Cross-Site Scripting
  • SQL Injection
  • OS Command Injection – Live demonstration
  • Directory Traversal/File Inclusion Attacks
  • Data Validation Methods
  • Regular Expressions

Error Handling/Information Leakage

  • Introduction
  • Insecure Error Messages
  • HTML Comments/Information Leakage On Public Mailing Lists
  • Exploiting Poor Error Handling – Live demonstration
  • Preventing Information Leakage

Logging

  • Why Logging?
  • Logging Requirements
  • Insecure Logging – Live demonstration
  • Logging Best Practices

Cryptography

  • Overview
  • Types of Cryptography
  • Encryption Algorithms
  • Cryptography Problems
  • Exploiting Weak Cryptography – Live demonstration
  • Channel Protection

Q & A

For customized trainings as per your business requirements, kindly contact us.
