Course Code: webap
Duration: 28 hours
Overview:

Description:

This course gives participants a thorough understanding of security concepts, web application concepts, and the frameworks developers use, so that they are able to both exploit and protect a targeted application. Today's world changes rapidly, the technologies in use change at the same fast pace, and web applications are exposed to hackers' attacks 24/7. To protect an application from external attackers, one has to know all the bits and pieces that make up the web application, such as the frameworks, languages and technologies used in web application development, and much more than that. The problem is that an attacker has to know only one way to break into the application, while the developer (or systems administrator) has to know all the possible exploits in order to prevent this from happening. Because of that, it is really difficult to have a bulletproof web application, and in most cases a web application is vulnerable to something. This is regularly exploited by cyber criminals and casual hackers, and it can be minimized by correct planning, development, web application testing and configuration.

Objectives:

To give you the skills and knowledge needed to understand and identify possible exploits in live web applications, and to exploit identified vulnerabilities. With the knowledge gained through the identification and exploitation phases, you should be able to protect the web application against similar attacks. After this course, the participant will be able to understand and identify the OWASP Top 10 vulnerabilities and to incorporate that knowledge into a web application protection scheme.

Audience:

Developers, police and other law enforcement personnel, defense and military personnel, e-business security professionals, systems administrators, banking, insurance and other professionals, government agencies, IT managers, CISOs, CTOs.

Course Outline:

Module 1: Security concepts
Module 2: Risk management
Module 3: Hacker attack phases
Module 4: Penetration testing
Module 5: Networking MitM attacks
Module 6: Overview of web technologies and frameworks
Module 7: Tools of the trade
Module 8: Bypassing client side controls
Module 9: Authentication attacks
Module 10: Design/implementation flaws
Module 11: Web application attacks: Injection (A1)
Module 12: Web application attacks: XSS/CSRF (A3/A8)
Module 13: Web application attacks: Broken authentication and session management (A2)
Module 14: Web application attacks: Insecure direct object references/Missing function level access control (A4/A7)
Module 15: Web application attacks: Security misconfiguration/Sensitive data exposure (A5/A6)
Module 16: Web application attacks: Unvalidated redirects and forwards (A10)
Module 17: Logical flaws
