
Application Security Awareness Program (TN - 202)

Trainings - Application Security

The course provides basic information about web application security to professionals involved in the software development lifecycle. It will help participants understand web application vulnerabilities and their countermeasures, and will also develop an aptitude for application security in particular and information security in general.

Target Audience

  1. Application Developers, Business Analysts, Project Managers, Security Auditors, Application Architects

Mandatory Pre-requisites

  1. Basic understanding of Internet Technology

Helpful Pre-requisites

  1. Knowledge of HTTP and HTML

Course Contents

The Need for Application Security

  • Case Studies
  • Web Hacking Statistics
  • Security Myths
  • Measurable Benefits
  • Application Security Challenges

Application Security Essentials

  • Goals of Application Security
  • Traditional SDLC vs. Secure SDLC
  • Application Security Approach
  • Secure Application Design Principles

OWASP Top 10

  • What is OWASP?
  • OWASP Resources
  • OWASP Top 10 Vulnerabilities
  • OWASP Top 10 Attacks & Mitigation Techniques

Cross-Site Scripting (XSS) Attack

  • Introduction
  • Impact of XSS
  • Live demonstration against a sample application
  • Mitigation Techniques

Cross-Site Request Forgery (CSRF) Attack

  • Introduction
  • Live demonstration against a sample application
  • Mitigation Techniques
  • POST vs. GET

Information Leakage & Improper Error Handling

  • Introduction
  • Application Error Messages
  • Misconfigured, Default Settings, Unpatched Systems
  • Forced Directory Browsing
  • Robots.txt
  • Google hacking
  • Live demonstration against a sample application

Insecure Direct Object Reference

  • Introduction
  • Live demonstration against a sample application
  • Mitigation Techniques
  • Failure to restrict URL Access

SQL Injection Attack

  • Introduction
  • Impact of SQL Injection
  • Live demonstration against a sample application
  • Mitigation Techniques

Malicious File Injection

  • Introduction
  • Live demonstration against a sample application
  • Mitigation Techniques

Insecure Communication

  • Introduction
  • Live demonstration against a sample application
  • Mitigation Techniques

Broken Authentication & Session Management

  • Introduction
  • Live demonstration against a sample application
  • Mitigation Techniques

Insecure Cryptography

  • Introduction
  • Live demonstration against a sample application
  • Mitigation Techniques

Q & A

For customized trainings as per your business requirements, kindly contact us.