Web Application Security Expert
Course Details
Module 1:
Introduction to application security
• Introduction to Web Applications.
• Understanding Web Application Architecture.
• HTTP Protocol Basics.
• HTTP Attack Vectors
• HTTPS vs HTTP.
• Introduction to VAPT.
• Introduction to Application Security.
• Application Security Risks.
• Case Studies.
Module 2:
OWASP Top 10
• Global Standards/Frameworks.
SANS Top 25 Software Errors
WASC
NIST
OWASP
• What is OWASP.
• Significant OWASP Projects.
• OWASP Top 10
• The ‘OWASP Top 10’ for WebAppSec.
A1-Injection
A2-Broken Authentication
A3-Sensitive Data Exposure
A4-XML External Entities (XXE)
A5-Broken Access Control
A6-Security Misconfiguration
A7-Cross-Site Scripting (XSS)
A8-Insecure Deserialization
A9-Using Components with Known Vulnerabilities
A10-Insufficient Logging & Monitoring
• Mitigations of OWASP Top 10.
Module 3:
Modern Attacks of Web Application
• CSRF
Understanding the vulnerability
Discovering the vulnerability
Attacking the Issue
Impact & Countermeasure
• SSRF
Understanding the vulnerability
Discovering the vulnerability
Attacking the Issue
Impact & Countermeasure
• Clickjacking
Understanding the vulnerability
Discovering the vulnerability
Attacking the Issue
Impact & Countermeasure
• SSTI
Understanding the vulnerability
Discovering the vulnerability
Attacking the Issue
Impact & Countermeasure
• XXE
Understanding the vulnerability
Discovering the vulnerability
Attacking the Issue
Impact & Countermeasure
Module 4:
Automated approach of Vulnerability Assessment
• Web Application Scanners.
Netsparker
Nessus
Acunetix
AppScan
WebInspect
NeXpose
• Profiling the Scans
• Interpreting Scanner Reports
• Open source Tools and Testing Methodologies
Vega
OWASP OWTF
Module 5:
API security Testing
• API Insecurity
Introduction to API & API Security
SOAP vs REST
Case Studies
Common API Vulnerabilities
• Core Toolset for API Testing
• Attacks on API
• API Assessment Approach
• Bot Defense for API
• How to stop API Attacks?
Module 6:
Mitigation Strategy for Web Application loopholes
• Common Mistakes in Development
• Security Best Practices for Web Application & API Security
• Secure SDLC
Threat Modelling
Source Code Review
VAPT
• Cloud Security
Module 7:
Cloud Introduction
• Introduction to cloud
• Introduction to virtualization
• Cloud Service Models
• Cloud Industry Standards
• Security Challenges
• Introduction to Cloud Vendors (AWS & Azure)
• Cloud Access Security Broker
Module 8:
Cloud Migration Challenges
• Cloud Breach Case Study
• Virtualization security Issues
• Risk Assessment on Cloud Migration
• OWASP Top 10 Threats
• Planning Secure Migration
Module 9:
Cloud Infrastructure Security
• Cloud Configuration & Patch Management
• Cloud Change management
• Cloud Infrastructure Audit (Intro, Audit, Best Practice)
AWS – VPC, EC2
Azure – ARM, NSG
• Demo – AWS CLI & PowerShell & Amazon, Azure portal
Module 10:
Cloud Data Security
• Data Protection (at rest, in transit, in use)
• Data Information lifecycle
• Cloud Data Audit (Intro, Audit, Best Practice)
AWS – EBS, S3
Azure – SAS
• Demo – AWS CLI & PowerShell & Amazon, Azure portal
• Key management
• Cloud Key management Audit (Intro, Audit, Best Practice)
AWS – KMS
Azure – Azure Key Vault
• Demo – AWS CLI & PowerShell & Amazon, Azure portal
Module 11:
Identity and Access Management
• Introduction to Identity and Access Management
• Introduction to Federated Identity Management
• Case Study
• Cloud IAM Audit (Intro, Audit, Best Practice)
AWS – IAM
• Demo – AWS CLI & Amazon portal
Module 12:
Cloud Application Security
• Cloud Application Challenges
• OWASP Top 10
• Secure SDLC
• DevSecOps
• Introduction to CloudWatch, CloudTrail
• Security automation – CloudTrail, CloudWatch, Lambda
Module 13:
Cloud Compliance, Policy, Governance
• Cloud Policy
• Cloud SLA
• Cloud Risk Management
• Cloud Compliance
Legal, Privacy and Geographic Issues
Cloud Compliance Standards
Cloud Compliance Discussion with CSA CCM & CAI
• Cloud Compliance Audit (Intro)
Azure – Security Center
• Demo – Azure portal
Module 14:
Cloud Incident Response & Intrusion Detection & BCP/DR
• BCP/DR Issues
• Cloud Intrusion Detection
• Cloud Forensics Challenges
• Cloud Incident Response
• Use Case – AWS
• Cloud Pen testing
Web Application Security Expert Training Program
Weekday Classes
Monday To Friday
Duration: 2 to 3 Hours
Number Of Classes: 60 hours
8:2 Practical Ratio
Weekend Classes
Saturday & Sunday
Duration: 4 to 8 Hours
Number Of Classes: 60 hours
8:2 Practical Ratio
Delivery Method
Classroom Training
Online Training
Free Demo Class
Language English/Hindi
Registration Process
Step 1: Register Yourself Online
Step 2: Pay Training Fee
Step 3: Mail us the following document to [email protected]
Step 4: ID Proof Copy (Voter ID/Aadhar Card)