Practical Training on Web Application Security Analyst

Course Outline (Sr. No. / Topic / Sub-Topics / Duration)

1. Fundamentals of Application Security & Security Testing (3 Hrs.)
   Sub-topics:
     Fundamentals of Application Security
     Security Terminology
     Security Testing Approach
     Application Security Testing Tools
     Cryptography

2. Secure Software Development Lifecycle (2 Hrs.)
   Sub-topics:
     Integrating security into the software development lifecycle
     DevOps Security
     Threat Modelling
     Architecture Risk Analysis & Remediation
     Attack Surface Analysis & Reduction

3. Security Assurance Testing (2 Hrs.)
   Sub-topics:
     Static Application Security Testing
     Dynamic Application Security Testing

4. Secure Development / OWASP Testing Framework (4 Hrs.)
   Sub-topics:
     Phase 1: Before Development Begins
     Phase 2: During Definition and Design
     Phase 3: During Development
     Phase 4: During Deployment
     Phase 5: Maintenance and Operations

5. OWASP - Introduction and Objectives (2 Hrs.)
   Sub-topics:
     Conduct Search Engine Discovery and Reconnaissance for Information Leakage
     Enumerate Applications on Webserver
     Review Webpage Comments and Metadata for Information Leakage
     Identify Application Entry Points

6. Configuration and Deployment Management Testing - Security Misconfiguration (3 Hrs.)
   Sub-topics:
     Test Network/Infrastructure Configuration
     Test Application Platform Configuration
     Test File Extensions Handling for Sensitive Information
     Review Old, Backup and Unreferenced Files for Sensitive Information
     Test HTTP Strict Transport Security

7. Identity Management Testing (2 Hrs.)
   Sub-topics:
     Test Role Definitions
     Test User Registration Process
     Test Account Provisioning Process
     Testing for Account Enumeration and Guessable User Account
     Testing for Weak or Unenforced Username Policy

8. Authentication Testing (3 Hrs.)
   Sub-topics:
     Testing for Credentials Transported over an Encrypted Channel
     Testing for Default Credentials
     Test Remember Password Functionality
     Testing for Password Policy
     Testing for Security Question/Answer

9. Authorization Testing (2 Hrs.)
   Sub-topics:
     Testing Directory Traversal / File Include
     Testing for Bypassing Authorization Schema
     Testing for Privilege Escalation
     Testing for Insecure Direct Object References

10. Session Management Testing (2 Hrs.)
   Sub-topics:
     Testing for Bypassing Session Management Schema
     Testing for Cross Site Request Forgery (CSRF)
     Testing for Logout Functionality
     Test Session Timeout

11. Input Validation Testing (2 Hrs.)
   Sub-topics:
     Analysis of Error Codes
     Analysis of Stack Traces

12. OWASP Top 10 - 2017 (4 Hrs.)
   Sub-topics:
     Injection
     Broken Authentication & Session Management
     Sensitive Data Exposure
     XML External Entities (XXE)
     Broken Access Control
     Security Misconfiguration
     Cross Site Scripting (XSS)
     Insecure Deserialization
     Using Components with Known Vulnerabilities
     Insufficient Logging & Monitoring

13. Client Side Testing / HTML5 Secure Code (3 Hrs.)
   Sub-topics:
     Testing for JavaScript Execution
     Testing for HTML & CSS Injection
     Testing for Client Side URL Redirect
     Testing for Client Side Resource Manipulation
     Test Cross Origin Resource Sharing
     Testing for Clickjacking
     Test Local Storage

14. Protecting Mobile Devices (3 Hrs.)
   Sub-topics:
     Mobile Device Attack Vectors
     Attacking Android
     Attacking iOS
     Mobile Malware
     Mobile Payments
     MDM: Mobile Device Management, Guidelines, and Tools

15. DevSecOps (3 Hrs.)
   Sub-topics:
     DevOps Process: Where is Security?
     Why DevSecOps is Needed
     Principles of DevSecOps
     Integrate Security in the Pipeline
     Environment and Data Security
     Case Studies

Course Method

Interactive instructor-led online course (delivered via Zoom)

Who Can Attend the Course

MS Students (Final Year)

BS Students (Final Year)

Associate Degree (Final Year)

Any Non-IT or Non-System professional

Any IT or Systems Professional

Network and Security professionals

IT System Professional

Programmers

IT Managers

Directors

VPs

Sales team

Course Duration Details

Course Duration: 40 Hrs.

Mentoring Session: 10 Hrs.

Total Training Hours (Approx.): 50 Hrs.
