Course Code: secdevnetbesp
Duration: 21 hours
Prerequisites:

Experience with ASP.net
Experience of creating web applications

Overview:

This course covers secure coding concepts and principles for ASP.net through the testing methodology of the Open Web Application Security Project (OWASP). OWASP is an online community which creates freely available articles, methodologies, documentation, tools, and technologies in the field of web application security.

This course explores the .NET Framework security features and how to secure web applications.

Course Outline:

Day 1 - Backend

Time slot       Type       Topic
9:00 - 9:50     Lecture    Introduction. OWASP Top 10, CWE Top 25
10:00 - 10:50   Exercise   SAST workflow. Rule building
11:00 - 12:00   Lecture    App boundary. Authentication, authorization
12:00 - 13:00              Lunch break
13:00 - 13:50   Exercise   Login screen, session, IDORs, API hacking, etc.
14:00 - 14:50   Lecture    Session management, input validation
15:00 - 16:00   Exercise   Hacking sessions, etc.

Day 2 - Backend / Network

Time slot       Type       Topic
9:00 - 9:50     Lecture    DAST. Fuzzing
10:00 - 10:50   Exercise   Writing fuzz tests
11:00 - 12:00   Lecture    OS command injections, path traversals, insecure uploads
12:00 - 13:00              Lunch break
13:00 - 13:50   Exercise   Hacking insecure uploads, injections, etc.
14:00 - 14:50   Lecture    Network security
15:00 - 16:00   Exercise   Wireshark. Qualys SSL Labs. DevTools

Day 3 - Frontend

Time slot       Type       Topic
9:00 - 9:50     Lecture    Overview of the frontend. Cookies. SOP
10:00 - 10:50   Exercise   Hacking the front-end
11:00 - 12:00   Lecture    Cross-site scripting, CSRF
12:00 - 13:00              Lunch break
13:00 - 13:50   Exercise   Hacking the front-end
14:00 - 14:50   Lecture    XS-Leaks
15:00 - 16:00   Lecture    Secure design principles: confidentiality, integrity, availability