Web Application Security Expert

Course Details

  • Module 1: Introduction to application security
    • Introduction to Web Applications.
    • Understanding Web Application Architecture.
    • HTTP Protocol Basics.
    • HTTP Attack Vectors
    • HTTPS vs HTTP.
    • Introduction to VAPT.
    • Introduction to Application Security.
    • Application Security Risks.
    • Case Studies.
  • Module 2: OWASP Top 10
    • Global Standards/Frameworks.
      • SANS Top 25 Software Errors
      • WASC
      • NIST
      • OWASP
    • What is OWASP.
    • Significant OWASP Projects.
    • OWASP Top 10
    • The ‘OWASP Top 10’ for WebAppSec.
      • A1-Injection
      • A2-Broken Authentication
      • A3-Sensitive Data Exposure
      • A4-XML External Entities (XXE)
      • A5-Broken Access Control
      • A6-Security Misconfiguration
      • A7-Cross-Site Scripting (XSS)
      • A8-Insecure Deserialization
      • A9-Using Components with Known Vulnerabilities
      • A10-Insufficient Logging & Monitoring
    • Mitigations of OWASP Top 10.
  • Module 3: Modern Attacks of Web Application
    • CSRF
      • Understanding the vulnerability
      • Discovering the vulnerability
      • Attacking the Issue
      • Impact & Countermeasure
    • SSRF
      • Understanding the vulnerability
      • Discovering the vulnerability
      • Attacking the Issue
      • Impact & Countermeasure
    • Clickjacking
      • Understanding the vulnerability
      • Discovering the vulnerability
      • Attacking the Issue
      • Impact & Countermeasure
    • SSTI
      • Understanding the vulnerability
      • Discovering the vulnerability
      • Attacking the Issue
      • Impact & Countermeasure
    • XXE
      • Understanding the vulnerability
      • Discovering the vulnerability
      • Attacking the Issue
      • Impact & Countermeasure
  • Module 4: Automated approach of Vulnerability Assessment
    • Web Application Scanners.
      • Netsparker
      • Nessus
      • Acunetix
      • AppScan
      • WebInspect
      • NeXpose
    • Profiling the Scans
    • Interpreting Scanner Reports
    • Open source Tools and Testing Methodologies
      • Vega
      • OWASP OWTF
  • Module 5: API security Testing
    • API Insecurity
      • Introduction to API & API Security
      • SOAP vs REST
      • Case Studies
      • Common API Vulnerabilities
    • Core Toolset for API Testing
    • Attacks on API
    • API Assessment Approach
    • Bot Defense for API
    • How to stop API Attacks?
  • Module 6: Mitigation Strategy for Web Application loopholes
    • Common Mistakes in Development
    • Security Best Practices for Web Application & API Security
    • Secure SDLC
      • Threat Modelling
      • Source Code Review
      • VAPT
    • Cloud Security
  • Module 7: Cloud Introduction
    • Introduction to cloud
    • Introduction to virtualization
    • Cloud Service Models
    • Cloud Industry Standards
    • Security Challenges
    • Introduction to Cloud Vendors (AWS & Azure)
    • Cloud Access Security Broker
  • Module 8: Cloud Migration Challenges
    • Cloud Breach Case Study
    • Virtualization security Issues
    • Risk Assessment on Cloud Migration
    • OWASP Top 10 Threats
    • Planning Secure Migration
  • Module 9: Cloud Infrastructure Security
    • Cloud Configuration & Patch Management
    • Cloud Change management
    • Cloud Infrastructure Audit (Intro, Audit, Best Practice)
      • AWS – VPC, EC2
      • Azure – ARM, NSG
    • Demo – AWS CLI & PowerShell & Amazon, Azure portal
  • Module 10: Cloud Data Security
    • Data Protection (at rest, in transit, in use)
    • Data Information lifecycle
    • Cloud Data Audit (Intro, Audit, Best Practice)
      • AWS – EBS, S3
      • Azure – SAS
    • Demo – AWS CLI & PowerShell & Amazon, Azure portal
    • Key management
    • Cloud Key management Audit (Intro, Audit, Best Practice)
      • AWS – KMS
      • Azure – Azure Key Vault
    • Demo – AWS CLI & PowerShell & Amazon, Azure portal
  • Module 11: Identity and Access Management
    • Introduction to Identity and Access Management
    • Introduction to Federated Identity Management
    • Case Study
    • Cloud IAM Audit (Intro, Audit, Best Practice)
      • AWS – IAM
    • Demo – AWS CLI & Amazon portal
  • Module 12: Cloud Application Security
    • Cloud Application Challenges
    • OWASP Top 10
    • Secure SDLC
    • DevSecOps
    • Introduction to CloudWatch, CloudTrail
    • Security automation – CloudTrail, CloudWatch, Lambda
  • Module 13: Cloud Compliance, Policy, Governance
    • Cloud Policy
    • Cloud SLA
    • Cloud Risk Management
    • Cloud Compliance
      • Legal, Privacy and Geographic Issues
      • Cloud Compliance Standards
      • Cloud Compliance Discussion with CSA CCM & CAI
    • Cloud Compliance Audit (Intro)
      • Azure – Security Center
    • Demo – Azure portal
  • Module 14: Cloud Incident Response & Intrusion Detection & BCP/DR
    • BCP/DR Issues
    • Cloud Intrusion Detection
    • Cloud Forensics Challenges
    • Cloud Incident Response
    • Use Case – AWS
    • Cloud Pen testing

Web Application Security Expert Training Program

Weekday Classes

  • Monday To Friday
  • Duration: 2 to 3 Hours
  • Number Of Classes: 60 hours
  • 8:2 Practical Ratio

Weekend Classes

  • Saturday & Sunday
  • Duration: 4 to 8 Hours
  • Number Of Classes: 60 hours
  • 8:2 Practical Ratio

Delivery Method

  • Classroom Training
  • Online Training
  • Free Demo Class
  • Language: English/Hindi

Registration Process

  • Step 1: Register Yourself Online
  • Step 2: Pay Training Fee
  • Step 3: Mail Us the Following Document to [email protected]
  • Step 4: ID Proof Copy (Voter ID/Aadhar Card)