Application Attack Methodology (TN – 201)
To secure web applications, it is important to understand the attacks and threats they face. Application Attack Methodology is a generic application security program in which anyone involved in the software development life cycle can learn application security, irrespective of the language or framework they work with. The course provides the following benefits to participants:
- Understanding web application attacks
- Understanding risk posed by application security
- Learn common attacks and countermeasures
- Bridge application security gap between development and information security staff
Target Audience
Application developers, QA engineers, architects, technical leads, project managers, information security analysts, and other professionals who are looking for live experience of major web application security attacks and their countermeasures.
Mandatory Pre-requisites
- Basic Technical Background
- Understanding of web applications
Helpful Pre-requisites
- Knowledge of HTTP and HTML
- Basic understanding of any web programming language (ASP, ASP.NET, Java, PHP, RoR, CGI, etc.)
Course Content
The Need for Application Security
- Web Hacking Statistics
- Past Incidents
- Application Security Assumptions
- Application Security Changing Landscape
- Application Security Challenges
- Measurable Benefits
- Return on Application Security Investment
Application Security Essentials
- Goals of Application Security
- Traditional SDLC Vs Secure SDLC
- Application Security Approach
- Secure Application Design Principles
- Application Security Modules
OWASP Top 10
- What is OWASP?
- OWASP Resources
- OWASP Top 10 Vulnerabilities and Countermeasures
Attacking Authentication
- Weak Authentication
- Brute-Force Attacks
- Exploiting Authentication – Live demonstration
- Countermeasures
Attacking Authorization
- Broken Authorization
- Attacking Broken Authorization – Live demonstration
- Preventing Authorization Attacks
Attacking Session Management
- Session-Based Attacks
- Cookie Poisoning/Manipulation
- Attacking Poor Session Management – Live demonstration
- Preventing Session Management Attacks
Exploiting Inadequate Data Validation
- HTML Injection – Live demonstration
- Cross-Site Scripting (XSS) Attack – Live demonstration
- SQL Injection – Live demonstration
- Countermeasures
Error Handling / Information Leakage
- Exploiting Poor Error Handling – Live demonstration
- Preventing Information Leakage
Logging
- Insecure Logging – Live demonstration
- Logging Best Practices
Weak Cryptography
- Exploiting Weak Cryptography – Live demonstration
- Cryptography Best Practices
Q & A
For customized training tailored to your business requirements, contact us at trainings@torridnetworks.com


