Application Security Testing 

Hands-On | 60+ Hours, 10 Days

WASD & ASTE Cert. Attempt | Online LAB Access

Aligned with OWASP (Web & Mobile) Application Security Testing Requirements

In an organization, applications are valuable tools that empower business functions; they are also a valuable and vulnerable target for hackers. They are the easiest target for attackers because the primary focus during the development cycle is on functionality and performance, while security takes a back seat.

Protecting the application requires a solution that can ensure compliance today, respond quickly, and meet the organization's increasing requirements in the future. To meet these challenges, the optimum solution should trace these vulnerabilities as they are seen from the attacker's perspective. Application security testing therefore best addresses these requirements.

Hack2Secure's Workshop on Application Security Testing provides hands-on exposure, using a simulated lab environment, to the understanding and analysis of different application security risks and attack vectors.

Scoped around the OWASP Web & Mobile Application Security Testing Requirements, along with those for Web Services, these intensive, practice-oriented sessions provide a deep dive into the practical tips and tricks needed to evaluate, test and assess application security flaws.

What you will Receive?

  • Instructor Led Classroom Sessions
  • Dedicated access to Online Lab [30 Days]
  • WASD & ASTE Certificate Attempt Vouchers
    • 1 Attempt, 6 Months Validity
    • Globally accredited, proctored & delivered by PearsonVUE
  • Program Content & Reference documents (Soft Deliverables)
  • Access to Self-Paced Online Sessions  
  • Training Completion Certificate 

What NOT to Expect?

  • Any distribution of License or Key of Commercial Security Tools
  • Job Opportunity (But, it will be easy to find with this curriculum and skill-set)
  • Travel, Accommodation

Laptop Required

Hack2Secure will provide access to its cloud-based lab environment, including a vulnerable web server and the required security tools. To access it, students need a laptop with a sufficient configuration and adequate Internet speed.

  • Students need to bring their Laptop to access Lab environment

Min. Laptop Configuration

  • Operating System: Windows 7, 8, 8.1, 10
  • RAM: Min. 4 GB (Recommended)
  • Networking: LAN Port

Application Security Testing Workshop Info

  • OWASP Top10: Web
  • OWASP Top10: Mobile
  • Application Reconnaissance
  • Auth'n & Author'n Risk
  • SQL Injection
  • Cross Site Scripting
  • Session Management Flaws
  • Cross Site Request Forgery
  • Burp Suite, ZAP
  • Nikto, W3af, NMap
  • SSL/TLS, IPSec
  • Appl. Threat Modeling

Instructor Led Classroom Sessions
Training Completion Certificate
Online Lab Access [30 Days]
H2S WASD & ASTE Cert Attempt Voucher
Soft Deliverables
Access to Self-Paced Online Sessions

Security Team
  • Security Engineers & Testers
  • Auditors, Managers, Consultants
R&D Team
  • Architects, Developers, Analyst
  • Software Testing Team (QA)
  • Consultants, Research Engineers
Students
  • Looking to pursue career in Application Security Assessment & Testing

Workshop Modules

Application Sec. Testing: Intro

  • Application Security: Intro
  • Web Proxy Servers
  • HTTP Protocol: Analysis
  • HTTPS Protocol: Testing

Introducing OWASP

  • About OWASP
  • Web & Mobile: Top 10 Risk
  • Security Testing Framework
  • Security Testing Guide

Securing Web Services

  • Web Services: Intro
  • SOAP/XML, REST/JSON
  • AJAX: Attack Scenarios

Reconnaissance

  • DNS Protocol: Security Analysis
  • Google Hacking
  • Website Mirroring
  • Recon-Ng, TheHarvester

Looking for Entry Point

  • Scanning & Fingerprinting
  • NMap & Netcat
  • Spidering
  • Fuzzing
  • Directory Browsing

Analyzing A.A.A. Concerns

  • Authentication: Schemes & Attacks
  • Authorization, Access Controls
  • Priv. Escalation, Directory Traversal
  • Accountability, Security Practices

Session Management Flaws

  • “Sessions” & Tracking Methods
  • Fixation, Hijacking, Tampering
  • Securing Cookies & Headers

Injection Attacks

  • SQL Query: Primer
  • SQLi: Root Cause, Types
  • Command Injection: Analysis
  • Local & Remote File Injections

Cross Site Scripting

  • JavaScript: Primer
  • Same Origin Policy, DOM
  • XSS: About, Types & Scenarios
  • HTML Injection

Cross Site Request Forgery

  • XSRF: What, Why & How
  • Defensive Myths
  • CSRF Token, Double Submission Cookies

Buffer Overflow Attacks

  • Heap & Stack Overflow
  • Format String Vulnerabilities

Scanners

  • W3af, Metasploit Framework

Web Filters & Firewalls

  • Web Application Filtering
  • Web Application Firewalls (WAF)

Python for WAST

  • Python: Primer
  • Python to craft HTTP Packets
  • Scapy: Usage & Analysis

Appl. Threat Modeling

  • S.T.R.I.D.E.
  • Threat Modeling: Process & Use Cases
  • Threat Considerations in Web, Mobile & API Communication
  • Threat Modeling: Workshop

IPSec & VPN

  • IPSec: About, Usage
  • SSL & IPSec VPN

H2S Web Security Testing Workshop [Reference Guide]

Web Application Security Defender

Evaluate your Web Security Testing Knowledge & Skills

Application Security Testing Expert

Evaluate your Web, Mobile & API Security Testing Knowledge & Skills
