WEB APPLICATION SECURITY TESTING

Hands-On | 42 Hours, 7 Days | WASD Exam Attempt | Online LAB Access

Laptop Required | Aligned with OWASP Top10 (2017) & Testing Guide (v4)

Hack2Secure’s Workshop on Web Application Security Testing provides hands-on exposure, through both real-time scenarios and a simulated lab environment, to the tools and techniques required for different Web Security risks and attack vectors.

Scoped around the OWASP Testing Guide, these intensive practical sessions provide a deep dive into the practical tips and tricks required to evaluate, test and assess the security of a Web Application. They also cover the OWASP Top 10 Web Security Risks from the perspective of analysis, testing and defense best practices.

Key Take-Away

  • Active and Passive Reconnaissance methods
  • SSL/TLS Handshake and Testing methods
  • Scanning, Fingerprinting and Spidering
  • Exploring A.A.A. Concerns
  • Session Management and related Attacks
  • SQL & Command Injection
  • Cross Site Scripting (XSS)
  • Cross Site Request Forgery (XSRF)
  • Exploiting Web Services & APIs
  • Buffer Overflow Attacks
  • Web Application Filters & Firewalls
  • Burp Suite and Zed Attack Proxy (ZAP)
  • Metasploit Framework, W3af
  • Nikto, BeEF, XSSer
  • NMAP, NETCAT, Recon-ng
  • Python and JavaScript for Security Testers

Who should Attend?

  • Security Team/Office
    • Security Engineers and Testers
    • Application/Software Security Analyst
    • Application/Software Penetration Testers
    • Security Managers, Consultants, Auditors
  • Research & Development Team
    • Architects, Developers
    • Software Testing Team (QA)
    • Software Consultants, Research Engineers
    • Team Leads, Technical Managers
  • Students
    • Looking to pursue a career in Web Application Security Assessment/Testing
  • Anyone
    • Who wants to explore Web Application Security Testing Tools, Techniques and Practices

Workshop Agenda

Module#1: Building the Base [Concepts, Processes and Methodologies]

  • Understanding the Web, Importance of Web Application Security
  • Web Application Security Testing (WAST): Current Approach
  • HTTP & HTTPS Protocol
  • OWASP Top10 (2017) Web Application Security Risk
  • Proxy Servers: Burp Suite & ZAP

Module#2: Casual Leakage Points [Reconnaissance]

  • Why Information Gathering
  • DNS Protocol
  • Open Source Intelligence
  • Exploring Google Search, Google Hacking Database (GHDB)
  • Information Leakage from Public Sources
  • Website Mirroring

Module#3: Looking for Entry Point [Scanning, Fingerprinting & Spidering]

  • Scanning & Fingerprinting of Web Server
  • Spidering/Crawling
  • Fuzzing
  • Directory Browsing

Module#4: Analysing A.A.A. Concerns

  • About Authentication, Different Schemes, Username Harvesting
  • Browser Cache Weakness
  • Cracking Weak Passwords
  • About Authorization
  • Insecure Direct Object References
  • Directory Traversal Attacks
  • About Accountability
  • Error Code Analysis

Module#5: Session Management

  • Stateless Nature of HTTP
  • “Sessions” & Tracking Methods
  • Attacks on Session: Fixation, Hijacking, Tampering
  • Securing Cookies & Headers
  • Cross Site Request Forgery

Module#6: Injection Attacks

  • SQL Query: Primer
  • SQL Injection (SQLi)
  • Command Injection
  • [Local/Remote] File Inclusion Vulnerability

Module#7: Python & JavaScript for Web Security Testing

  • Python & JavaScript for WAST
  • Crafting HTTP Requests & Attack scenarios with Python & JavaScript [LAB]
  • Explore Scapy for Packet Crafting

Module#8: Cross Site Scripting (XSS)

  • Cross-Site Scripting
  • HTML Injection

Module#9: Web Services & API

  • About Web Services, SOAP, REST, JSON & AJAX
  • Security Best Practices

Module#10: Buffer Overflow Attacks

  • Heap & Stack Overflow
  • Format String Vulnerabilities [LAB]

Module#11: Scanners & Frameworks

  • W3af [LAB]
  • Metasploit Framework [LAB]

Module#12: Web Application Filters and Firewall (WAF)

  • Web Application Defences: Filtering & Firewall
  • Filtering: .NET & ESAPI Filtering Options
  • Web Firewall: Types, Detection & Attack methods

What will you Receive?

  • Instructor Led Classroom Sessions
  • Soft Deliverables
    • Program Slides & Lab Guides
    • Reference Documents
  • Online Lab Access [30 Days]
  • WASD Exam Voucher
    • 1 Attempt, 6 months Validity
    • Globally Proctored and Delivered by Pearson VUE
  • Training Completion Certificate
  • Access to Self-Paced Online Sessions ... & much more

What NOT to Expect?

  • A deep dive into Information Security basic concepts beyond the scoped curriculum
  • A deep dive into any Web Programming Language or Technology
  • Any distribution of License or Key of Commercial Security Tools
  • Job Opportunity (But, it will be easy to find with this curriculum and skill-set)
  • Travel, Accommodation

Requirements/Pre-requisites

  • Basic knowledge of UNIX & WINDOWS Operating System and Command line operations
  • Working Knowledge of Web related Concepts, basic functionality of Protocols especially HTTP
  • Basic understanding of web technologies and programming languages

Laptop Required

Hack2Secure will provide access to its cloud-based Lab Environment, including access to a Vulnerable Web Server and the required Security Tools. To access it, students need a laptop with sufficient configuration and adequate Internet speed.

  • Students need to bring their Laptop to access Lab environment

Min. Laptop Configuration

  • Operating System: Windows 7, 8, 8.1, 10
  • RAM: Min. 4 GB (Recommended)
  • Networking: LAN Port

Web Application Security Testing [WAST] Reference Guide

Web Application Security Testing Workshop Schedule

Batch#: WAST_BLR
  • Duration: 7 Days
  • When: To be Announced
  • Where: H2S, Bangalore
  • WASD Exam Attempt: Included
  • Registration & Cost: Email us: training@hack2secure.com
Web Application Security Defender (WASD) Certification Program
