
Application Security Training Suite

Customized Delivery per Business Role & Scope

90+ Hours, 15 Days | 5 Sections | 4 Certs | Online LAB Access

Hack2Secure’s “Application Security Training Suite” is a unique vendor-independent, industry-aligned, end-to-end application security training program that is fully customizable to business needs. The AppSec Training Suite (ASTS) provides a flexible framework for an entire team or organization, enabling the workforce to learn, explore and implement application security practices and controls according to their roles and business responsibilities.

Broken into 5 sections, this flexible 15-day application security training program enables professionals to pick and attend modules according to their needs and interests. All sections are logically scoped around organizational roles and are equipped with real-world case studies, resources and a dedicated online lab to ensure a core-level understanding of the required security concepts, controls and practices.

ASTS also covers the curriculum of 4 H2S certification programs, delivered and proctored globally through Pearson VUE across the application security domains, for proper assessment of an individual’s knowledge and assurance of their professional skills.

What Each Participant Will Receive

  • Instructor-led classroom sessions
  • Online lab access
    • Plug & play, cloud based
  • Hack2Secure’s cert attempt voucher
    • Exam voucher for any Hack2Secure cert of choice
      • 1 attempt, 6 months validity
      • Globally proctored and delivered exam by Pearson VUE

What NOT to Expect

  • A deep dive into application security basics beyond the scoped curriculum
  • A deep dive into any programming language or technology
  • Any distribution of licenses or keys for commercial security tools

Laptop Required

Hack2Secure will provide access to its cloud-based lab environment, including access to a vulnerable web server and the required security tools. To access it, students need a laptop with sufficient configuration and adequate internet speed.

  • Students need to bring their laptop to access the lab environment

Min. Laptop Configuration

  • Operating System: Windows 7, 8, 8.1, 10
  • RAM: Min. 4 GB (Recommended)
  • Networking: Internet Connectivity

Customizable Role-Based AppSec Training Program

Explore Application Security Practices & Controls

Application Security Training Suite [Program Guide]

Section#1 Modules: AppSec Awareness

Infosec Concepts

  • Core Security Concepts: C.I.A. Triad
  • Core Security Concepts: A.A.A.
  • Secure Design Principles
  • Security Definitions & Terminology

Web Security: Building the Base

  • HTTP & HTTPS Protocol
  • OWASP Top 10: Web Application Security Risks
  • Web Proxy Servers

Secure SDLC: Introduction

  • About Secure SDLC
  • Software Security Standards, Regulations and Compliances
  • Secure SDLC Standards & Frameworks
  • Security Assurance Methodologies

Section#2 Modules: Web Security Testing

Casual Leakage Points

  • DNS Protocol
  • Active & Passive Reconnaissance
  • Exploring Google Search
  • theHarvester & Recon-ng

Looking for Entry Point

  • Scanning: Identify Ports & Services
  • Fingerprinting Web Server
  • Spidering/Crawling
  • Fuzzing
  • Nmap, Netcat, Nikto

Analyzing A.A.A. Concerns

  • Attacks on Authentication
  • Privilege Escalation Attack
  • Directory Traversal Attacks
  • Secure Logging Practices

Session Management

  • Session Fixation, Hijacking, Tampering
  • Securing Cookie & Headers
  • Cross Site Request Forgery

Injection Attacks

  • SQLi: About, Root Cause, Types
  • Command Injection: About, Root Cause
  • [Local/Remote] File Inclusion Vulnerability

Cross Site Scripting

  • XSS: About, Root Cause, Types
  • HTML Injection: About, Root Cause

Web App Filters & Firewall

  • Web App Filtering
  • Web Application Firewall (WAF)

Section#3 Modules: Secure Application Coding


  • CWE/SANS Top 25 Most Dangerous Errors

Secure Coding Practices: C.I.A.

  • Cryptographic Practices
  • Communication Security
  • Input Validation
  • Output Encoding
  • Anti-Tampering

Secure Coding Practices: A.A.A.

  • Authentication & Password Management
  • Session Management
  • Access Control
  • Error Handling & Logging
  • Exception Management

Secure Coding Practices: Data at Rest

  • System Configuration
  • Database Security
  • File Management
  • Memory Management

Securing Web Services

  • AJAX Technologies
  • REST & AJAX Security Best Practices

Enterprise Security API (ESAPI)

  • ESAPI Project: About, Use Cases
  • ESAPI Recommended Practices & Templates

Secure SDLC: Implementation

  • Versioning: Best Practices
  • Code Review & Analysis
  • Static Code Analysis

Section#4 Modules: Secure SDLC

Building Security Requirements

  • Defining Security Quality Gates
  • Building Security Requirement Checklist

Security Review & Response

  • Building Final Security Review Plan
  • Incident Handling Process
  • Threats to Supply Chain Software
  • Software Deployment and Procurement Risk

Securing Maintenance Cycle

  • Security Patch Management
  • Handling Third-Party Library Upgrades
  • Application Disposal Policy

Section#5 Modules: AppSec Testing

Securing Web Services

  • About Web Services & Testing Requirements
  • Security Best Practices

Session Management in Web Services

  • “Sessions” & Tracking Methods

Security Attacks on APIs

  • SQLi, XSS & XSRF Scenarios in Mobile Applications
  • SQLi, XSS & XSRF Scenarios in HTML5

Application Threat Modeling

  • About S.T.R.I.D.E.
  • Attack Surface Analysis
  • Threat Considerations in an Application
  • Threat Modeling: Process


  • IPSec: About, Usage
  • SSL & IPSec VPNs

Buffer Overflow Attacks

  • Heap & Stack Overflow
  • Format String Vulnerabilities
