Application Security Testing 

Hands-On | 60+ Hours, 10 Days

WASD & ASTE Cert. Attempt | Online LAB Access

Aligned with OWASP (Web, Mobile & API) Security Testing Requirements

Hack2Secure’s Workshop on Application Security Testing uses a simulated lab environment to give hands-on exposure to understanding and analyzing different application security risks and attack vectors.

Scoped around the OWASP Web and Mobile Application Security Testing Requirements, along with those for Web Services, these intensive sessions provide a deep dive into the practical tips and tricks required to evaluate, test and assess application security flaws.

What Will You Receive?

  • Interactive Sessions [Class Room / Live Online]
  • Online Lab Access
    • Plug & Play, Cloud Based
  • WASD & ASTE Cert Attempt Voucher
    • 1 Attempt, 6 months Validity: Each
    • Globally Proctored and Delivered by Pearson VUE
  • Training Completion Certificate

What NOT to Expect?

  • Any distribution of License or Key of Commercial Security Tools
  • Job Opportunity (But, it will be easy to find with this curriculum and skill-set)
  • Travel, Accommodation

Laptop Required

Hack2Secure will provide access to its cloud-based lab environment, including access to a vulnerable web server and the required security tools. To access it, students need a laptop with a sufficient configuration and adequate Internet speed.

  • Students need to bring their laptop to access the lab environment

Min. Laptop Configuration

  • Operating System: Windows 7, 8, 8.1, 10
  • RAM: Min. 4 GB (Recommended)
  • Networking: Internet Connectivity

Application Security Testing Workshop: Info

  • OWASP Top10: Web
  • OWASP Top10: Mobile
  • Application Reconnaissance
  • Auth'n & Author'n Risk
  • SQL Injection
  • Cross Site Scripting
  • Session Management Flaws
  • Cross Site Request Forgery
  • Burp Suite, ZAP
  • Nikto, W3af, NMap
  • SSL/TLS, IPSec
  • Appl. Threat Modeling

Interactive Sessions [Classroom/Online]
Training Completion Certificate
Online Lab Access
WASD & ASTE Cert Attempt Voucher

Security Team
  • Security Engineers & Testers
  • Auditors, Managers, Consultants
R&D Team
  • Architects, Developers, Analyst
  • Software Testing Team (QA)
  • Consultants, Research Engineers
  • Looking to pursue career in Application Security Assessment & Testing

Workshop Modules

Application Sec. Testing: Intro

  • Application Security: Intro
  • Web Proxy Servers
  • HTTP Protocol: Analysis
  • HTTPS Protocol: Testing

Introducing OWASP

  • About OWASP
  • Web & Mobile: Top 10 Risk
  • Security Testing Framework
  • Security Testing Guide

Securing Web Services

  • Web Services: Intro
  • AJAX: Attack Scenarios


  • DNS Protocol: Security Analysis
  • Google Hacking
  • Website Mirroring
  • Recon-Ng, TheHarvester

Looking for Entry Point

  • Scanning & Fingerprinting
  • NMap & Netcat
  • Spidering
  • Fuzzing
  • Directory Browsing

Analyzing A.A.A. Concerns

  • Authentication: Schemes & Attacks
  • Authorization, Access Controls
  • Priv. Escalation, Directory Traversal
  • Accountability, Security Practices

Session Management Flaws

  • “Sessions” & Tracking Methods
  • Fixation, Hijacking, Tampering
  • Securing Cookies & Headers

Injection Attacks

  • SQL Query: Primer
  • SQLi: Root Cause, Types
  • Command Injection: Analysis
  • Local & Remote File Injections

Cross Site Scripting

  • JavaScript: Primer
  • Same Origin Policy, DOM
  • XSS: About, Types & Scenarios
  • HTML Injection

Cross Site Request Forgery

  • XSRF: What, Why & How
  • Defensive Myths
  • CSRF Token, Double Submission Cookies

Buffer Overflow Attacks

  • Heap & Stack Overflow
  • Format String Vulnerabilities


  • W3af, Metasploit Framework

Web Filters & Firewalls

  • Web Application Filtering
  • Web Application Firewalls (WAF)

Python for WAST

  • Python: Primer
  • Python to craft HTTP Packets
  • Scapy: Usage & Analysis

Appl. Threat Modeling

  • S.T.R.I.D.E.
  • Threat Modeling: Process & Use Cases
  • Threat Considerations in Web, Mobile & API Communication
  • Threat Modeling: Workshop


  • IPSec: About, Usage
  • SSL & IPSec VPN

App Security Testing Workshop [Reference Guide]

Web Application Security Defender

Evaluate your Web Security Testing Knowledge & Skills

Application Security Testing Expert

Evaluate your Web, Mobile & API Security Testing Knowledge & Skills
