Application Security | Trainings

Application Attack Methodology (TN – 201)

To secure web applications, it is important to understand the attacks and threats they face. Application Attack Methodology is a generic application security program in which anyone involved in the software development life cycle can learn application security, irrespective of the language or framework they work with. The course provides the following benefits to participants:

  1. Understanding web application attacks
  2. Understanding risk posed by application security
  3. Learn common attacks and countermeasures
  4. Bridge application security gap between development and information security staff

Target Audience

Application developers, QA engineers, Architects, Technical Leads, Project managers, Information security analysts, and other professionals who are looking for a live experience of major web application security attacks and their countermeasures.

Mandatory Pre-requisites

  1. Basic Technical Background
  2. Understanding of web applications

Helpful Pre-requisites

  1. Knowledge of HTTP and HTML
  2. Basic understanding of any web programming language (ASP, ASP.Net, Java, PHP, RoR, CGI etc.)

Course Content

The Need for Application Security

  • Web Hacking Statistics
  • Past Incidents
  • Application Security Assumptions
  • Application Security Changing Landscape
  • Application Security Challenges
  • Measurable Benefits
  • Return on Application Security Investment

Application Security Essentials

  • Goals of Application Security
  • Traditional SDLC Vs Secure SDLC
  • Application Security Approach
  • Secure Application Design Principles
  • Application Security Modules

OWASP Top 10

  • What is OWASP?
  • OWASP Resources
  • OWASP Top 10 Vulnerabilities and Countermeasures

Attacking Authentication

  • Weak Authentication
  • Brute-Force Attacks
  • Exploiting Authentication – Live demonstration
  • Countermeasures

Attacking Authorization

  • Broken Authorization
  • Attacking Broken Authorization – Live demonstration
  • Preventing Authorization Attacks

Attacking Session Management

  • Session-Based Attacks
  • Cookie Poisoning/Manipulation
  • Attacking Poor Session Management – Live demonstration
  • Preventing Session Management Attacks

Exploiting Inadequate Data Validation

  • HTML Injection – Live demonstration
  • Cross-Site Scripting (XSS) Attack – Live demonstration
  • SQL Injection – Live demonstration
  • Countermeasures

Error Handling / Information Leakage

  • Exploiting Poor Error Handling – Live demonstration
  • Preventing Information Leakage

Logging

  • Insecure Logging – Live demonstration
  • Logging Best Practices

Weak Cryptography

  • Exploiting Weak Cryptography – Live demonstration
  • Cryptography Best Practices

Q & A

For customized trainings as per your business requirements, kindly contact us at trainings@torridnetworks.com
