Practical Training on Web Application Security Analyst
Sr. No.
Topic
Sub-Topic
Duration
1
Fundamentals of Application Security
& security Testing
Fundamentals of Application Security
Security Terminology
Security Testing Approach
Application Security Testing Tools
Cryptography
3 Hrs.
2
Secure Software Development
Lifecycle
Integrating security into software development lifecycle
Develops Security
Threat Modelling
Architecture Risk Analysis & remediation
Attack Surface Analysis & Reduction
2 Hrs.
3
Security Assurance Testing
Static Application Security Testing
Dynamic Application Security Testing
2 Hrs.
4
Secure Development/OWASP
Testing Framework
Phase 1: Before Development Begins
Phase 2: During Definition and Design
Phase 3: During Development
Phase 4: During Deployment
Phase 5: Maintenance and Operations
4 Hrs.
5
OWASP - Introduction and
Objectives
Conduct Search Engine Discovery and Reconnaissance for Information Leakage
Enumerate Applications on Webserver
Review Webpage Comments and Metadata for Information Leakage
Identify application entry points
2 Hrs.
6
Configuration and Deployment Management
Testing – Security
Misconfiguration
Test Network/Infrastructure Configuration
Test Application Platform Configuration
Test File Extensions Handling for Sensitive Information
Review Old, Backup and Unreferenced Files for Sensitive Information
Test HTTP Strict Transport Security
3 Hrs.
7
Identity Management Testing
Test Role Definitions
Test User Registration Process
Test Account Provisioning Process
Testing for Account Enumeration and Guessable User Account
Testing for Weak or unenforced username policy
2 Hrs.
8
Authentication Testing
Testing for Credentials Transported over an Encrypted Channel
Testing for default credentials
Test remember password functionality
Testing for password policy
Testing for security question/answer
3 Hrs.
9
Authorization Testing
Testing Directory traversal/file include
Testing for bypassing authorization schema
Testing for Privilege Escalation
Testing for Insecure Direct Object References
2 Hrs.
10
Session Management Testing
Testing for Bypassing Session Management Schema
Testing for Cross Site Request Forgery (CSRF)
Testing for logout functionality
Test Session Timeout
2 Hrs.
11
Input Validation Testing
Analysis of Error Codes
Analysis of Stack Traces
2 Hrs.
12
OWASP Top 10 – 2017
Injections
Broken Authentication & Session Management
Sensitive Data Exposure
XML External Entities (XXE)
Broken Access Control
Security Misconfiguration
Cross Site Scripting – XSS
Insecure Deserialization
Using Component with known vulnerabilities
Insufficient Logging & Monitoring
4 Hrs.
13
Client Side Testing/ HTML5
Secure Code
Testing for JavaScript Execution
Testing for HTML & CSS Injection
Testing for Client Side URL Redirect
Testing for Client Side Resource Manipulation
Test Cross Origin Resource Sharing
Testing for Clickjacking
Test Local Storage
3 Hrs.
14
Protecting Mobile Devices
Mobile Device Attack Vectors
Attacking Android
Attacking iOS
Mobile Malware
Mobile Payments
MDM: Mobile Device Management, Guidelines, and Tools
3 Hrs.
15
DevSecOps
DevOps Process: Where is Security?
Why DevSecOps is needed
Principles of DevSecOps
Integrate Security in Pipeline
Environment and Data Security
Case Studies
3 Hrs.
Course Method
Interactive Instructor led online course( Zoom– Interactive Instructor Led Course)
Who Can Attend the Course
MS Students ( Final Year)
BS Students ( Final Year)
Associate Degree ( Final year)
Any Non-IT or Non-System professional
Any IT or Systems Professional
Network and Security professionals
IT System Professional
Programmers
IT Managers
Directors
VPs
Sales team
Course Duration Details
Course Duration: 40 Hrs.
Mentoring Session: 10 Hrs.
Total Training Hours ( Approx): 50 Hrs.