Day 1
1. A brief overview of OWASP 2021 top 10 threats
2. Setting up the environment: installing a Kali Linux virtual machine, Burp Suite, the OWASP BWA bundle, and DVWA
3. Different types of injection attacks and their countermeasures: Command Injection, SQL Injection
4. Identification and authentication failures, and countermeasures
5. Broken Access Control and countermeasures
6. Understanding Cryptographic failures and how to secure data
7. Security Misconfiguration and countermeasures
Exercises:
1. Perform an SQL injection attack and then implement the countermeasures
2. Implement a case study for cryptographic data failures
3. Test broken access control and its countermeasures
Day 2
1. Software and Data Integrity failures (XSS attacks, Insecure Deserialization)
2. Path traversal and file inclusion
3. Security Logging and Monitoring failures
4. Flaws in session management and protecting session IDs
5. Server Side Request Forgery – SSRF
6. Vulnerable and Outdated Components
Exercises:
1. Perform an XSS attack and implement the countermeasures
2. Implement an application with session management flaws
3. Find the flaws in a real-world sample application and implement the countermeasures
Day 3
1. Introduction to Authentication vs Authorization in Spring Security
2. Overview of different algorithms used for Encryption
3. Storing and managing user details such as emails and passwords in a database for authentication, using different Password Encoders and hashing
4. Deep dive into CORS and CSRF
5. Introduction to OAuth2
6. Implementation of OAuth2 with Spring Security
Exercises:
1. Customize authentication providers in Spring to secure a sample application using BCrypt Password Encoder
2. Develop a real-world application using OAuth2, from scratch