Course Code: bspwbappsec
Duration: 28 hours
Prerequisites:

Bespoke course as discussed with Martin Whitaker

Overview:

Bespoke course as discussed with Martin Whitaker

Course Outline:
  1. Security Intro

    1. Security vocabulary

    2. CVSS vectors

    3. CIA classification

    4. Online resources

      1. Vulnerability databases

      2. Exploit databases

    5. Vulnerability detection

      1. Active scanning

      2. Passive scanning

      3. Code scanning

      4. Dependency scanning

    6. Security testing

      1. Pentests

      2. Red teaming

      3. DevSecOps – planning a secure development cycle

  2. Threat modeling for web applications

    1. Information disclosure

    2. Unauthorized access

    3. Unauthorized actions

    4. Impersonation

    5. Business logic errors

    6. Defacement

    7. Resource stealing

    8. Denial of Service

    9. APT attacks

      1. MITRE ATT&CK

  3. Common web vulnerabilities

For every vulnerability the following sections will be covered:

  • Mechanism

  • Detection (active test, passive test, code scanning)

  • Exploitation

  • Prevention

    1. Injections

      1. SQL injections

      2. NoSQL injections

      3. LDAP injections

      4. Command injections

      5. Server-side template injections

    2. Broken authentication

    3. Broken access control

    4. Sensitive data exposure

    5. XML external entity (XXE) attacks

    6. Clickjacking

    7. Cross site scripting

      1. Reflected

      2. Stored

      3. DOM-based

    8. Insecure deserialization

    9. Cross-site request forgery (CSRF)

    10. Server-side request forgery (SSRF)

    11. CORS vulnerabilities

    12. HTTP request smuggling

    13. Web cache poisoning

    14. Web cache deception

    15. OAuth vulnerabilities

  4. Docker security

    1. Security cheat sheet

    2. Container scanning

    3. Examples of vulnerabilities

  5. Vulnerability chaining & case studies
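As an added illustration of the four headings the outline applies to every vulnerability in the "Common web vulnerabilities" section (mechanism, detection, exploitation, prevention), the following Python walks the first listed item, SQL injection, through all four against an in-memory SQLite database. This is example code written for this page, not course material; the users table, its two accounts, the payload and the scanned source snippet are all constructed for the demonstration, and the code-scanning check is a deliberately line-local regex standing in for a real SAST tool. The passive-test branch of detection (observing error messages or traffic without crafted input) is not shown.

```python
"""Added example, not part of the course page: SQL injection walked through the
outline's four headings (mechanism, detection, exploitation, prevention) against
an in-memory SQLite database. The users table, its rows and the scanned source
snippet are constructed for this demonstration."""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two accounts in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


# Mechanism: the caller's input is interpolated into the statement text, so a
# quote in the input ends the literal and whatever follows is parsed as SQL.
def login_vulnerable(conn, username, password):
    query = (f"SELECT username, role FROM users WHERE username = '{username}' "
             f"AND password = '{password}' ORDER BY username")
    return conn.execute(query).fetchall()


# Prevention: a parameterised query. Values travel separately from the
# statement text, so they can only ever be compared, never parsed.
def login_safe(conn, username, password):
    query = ("SELECT username, role FROM users WHERE username = ? "
             "AND password = ? ORDER BY username")
    return conn.execute(query, (username, password)).fetchall()


# Exploitation: close the password literal and append a tautology. AND binds
# tighter than OR, so the WHERE clause becomes (... AND ...) OR '1'='1'.
PAYLOAD = "' OR '1'='1"


def exploit(login):
    """Run the bypass against one login implementation; return what leaks."""
    return login(make_db(), "anything", PAYLOAD)


# Detection, active test: compare the row count for a wrong password with the
# row count for the payload. A jump means the input reached the SQL parser.
def active_test(login) -> bool:
    conn = make_db()
    baseline = len(login(conn, "nobody", "wrong"))
    probe = len(login(conn, "nobody", PAYLOAD))
    return probe > baseline


# Detection, code scanning: flag lines where an SQL statement is assembled with
# %-formatting, str.format or an f-string. Real SAST does taint tracking across
# lines and calls; this line-local regex only illustrates the signal it keys on.
SQL_KEYWORD = re.compile(r"(?i)\b(SELECT|INSERT|UPDATE|DELETE)\b")
FORMATTING = re.compile(r"""%\s*\(|\.format\(|\bf["']""")


def code_scan(source: str):
    """Return 1-based line numbers that build SQL text with string formatting."""
    return [n for n, line in enumerate(source.splitlines(), 1)
            if SQL_KEYWORD.search(line) and FORMATTING.search(line)]


# Constructed source snippet for the scanner: lines 2 and 8 are injectable.
SAMPLE_SOURCE = '''\
def lookup(conn, name):
    return conn.execute("SELECT id FROM users WHERE name = '%s'" % (name,))

def lookup_safe(conn, name):
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,))

def audit(conn, who):
    conn.execute(f"INSERT INTO log (who) VALUES ('{who}')")
'''


if __name__ == "__main__":
    print("vulnerable:", exploit(login_vulnerable))   # both accounts, no password
    print("safe:      ", exploit(login_safe))         # []
    print("active test flags vulnerable:", active_test(login_vulnerable))
    print("active test flags safe:      ", active_test(login_safe))
    print("code scan hits:", code_scan(SAMPLE_SOURCE))  # [2, 8]
```

Running the script shows the same payload returning every account through the interpolated query and nothing through the parameterised one, which is exactly the before/after contrast the "Prevention" heading is meant to drive home. The active test is the shape a scanner's injection check takes (a benign baseline request against a probe request, compared on an observable such as row count, response length or timing), and the code-scanning regex is the kind of weak signal that explains why dependency and code scanners produce false positives and negatives and why the course pairs them with active testing.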