WEB APPLICATION PENETRATION TESTING TRAINING

Cyber Security Works Pvt. Ltd.
No. 3, III.rd Floor, E- Block, No. 599, Anna Salai, Chennai – 600006
http://www.cybersecurityworks.com
[email protected]

Society for Electronic Transactions and Security [SETS]
MGR Knowledge City, CIT Campus, Taramani, Chennai – 600006
http://www.setsindia.org
[email protected]

Course: Web Application Penetration Testing

Certification: Certified Web-Application Penetration Tester

Study Material: Presentations, Lab Book, Tools and CD with all training materials.

Training fees and Duration:

1. Web Application Penetration Testing Training (Includes one attempt to certification exam)
Fees: INR 22,900.00 per candidate (group discount available)
Duration: 5 Days/35 Hrs.

DAY 1

1. Introduction to Web Application Security (Duration: 1 Hrs.)

• Overview of web application security.
• Web application architecture overview.
• Introduction to various web application security standards and frameworks such as OWASP Top 10, SANS Top 25, etc.

2. Introduction to Vulnerability tools (Duration: 2 Hrs.)

• Introduction to common tools in web application security.
• Tools usage and utilization.
• Live demo of using tools to find and exploit vulnerabilities.

3. Injection Vulnerabilities (Duration: 2 Hrs.)

• Overview of types of injection vulnerabilities.
• Detecting various types of injection vulnerabilities.
• Exploiting various injection vulnerabilities.
• Live demo of detection and exploitation of injection vulnerabilities.
• Overview of best practices to avoid injection attacks.

4. LAB (Duration: 2 Hrs.)

• Lab for using tools for information gathering.
• Lab on using tools for detecting vulnerabilities.
• Lab on tools for exploiting vulnerabilities.
• Lab for detecting and exploiting Injection attacks.

DAY 2

5. Cross Site Scripting Vulnerabilities (Duration: 2 Hrs.)

• Overview of types of Cross Site Scripting vulnerabilities.
• Detecting various types of Cross Site Scripting vulnerabilities.
• Exploiting various Cross Site Scripting vulnerabilities.
• Live demo of detection and exploitation of Cross Site Scripting vulnerabilities.
• Overview of best practices to avoid Cross Site Scripting attacks.

6. Cross Site Request Forgery Vulnerabilities (Duration: 1.5 Hrs.)

• Overview of types of Cross Site Request Forgery vulnerabilities.
• Detecting various types of Cross Site Request Forgery vulnerabilities.
• Exploiting various Cross Site Request Forgery vulnerabilities.
• Live demo of detection and exploitation of Cross Site Request Forgery vulnerabilities.
• Overview of best practices to avoid Cross Site Request Forgery attacks.

7. Broken Authentication and Session Management Vulnerabilities (Duration: 1.5 Hrs.)

• Overview of types of Broken Authentication and Session Management Vulnerabilities.
• Detecting various types of Broken Authentication and Session Management Vulnerabilities.
• Exploiting various Broken Authentication and Session Management Vulnerabilities.
• Live demo of detection and exploitation of Broken Authentication and Session Management Vulnerabilities.
• Overview of best practices to avoid Broken Authentication and Session Management Vulnerabilities.

8. Sensitive Data Exposure (Duration: 1 Hrs.)

• Overview of types of Sensitive Data Exposure Vulnerabilities.
• Detecting various types of Sensitive Data Exposure Vulnerabilities.
• Exploiting various Sensitive Data Exposure Vulnerabilities.
• Live demo of detection and exploitation of Sensitive Data Exposure Vulnerabilities.
• Overview of best practices to avoid Sensitive Data Exposure Vulnerabilities.

9. LAB (Duration: 2 Hrs.)

• Lab for detecting and exploiting Cross Site Scripting attacks.
• Lab for detecting and exploiting Cross Site Request Forgery attacks.
• Lab for detecting and exploiting Broken Authentication and Session Management attacks.
• Lab for detecting and exploiting Sensitive Data Exposure attacks.

DAY 3

10. Unvalidated Redirects and Forwards (Duration: 1 Hrs.)

• Overview of types of Unvalidated Redirects and Forwards Vulnerabilities.
• Detecting various types of Unvalidated Redirects and Forwards Vulnerabilities.
• Exploiting various Unvalidated Redirects and Forwards Vulnerabilities.
• Live demo of detection and exploitation of Unvalidated Redirects and Forwards Vulnerabilities.
• Overview of best practices to avoid Unvalidated Redirects and Forwards Vulnerabilities.

11. Business logic attacks (Duration: 1 Hrs.)

• Overview of types of Business logic Vulnerabilities.
• Detecting various types of Business logic Vulnerabilities.
• Exploiting various Business logic Vulnerabilities.
• Live demo of detection and exploitation of Business logic Vulnerabilities.
• Overview of best practices to avoid Business logic Vulnerabilities.

12. Secure Coding Best Practices (Duration: 1 Hrs.)

• Overview of secure coding.
• Detecting insecure coding.
• Implementing secure coding practices.
• Live demo of secure coding best practices examples.

13. LAB (Duration: 2 Hrs.)

• Lab for detecting and exploiting Unvalidated Redirects and Forwards attacks.
• Lab for detecting and exploiting Business logic attacks.

14. Capture the Flag (Duration: 3 Hrs.)

• Capture the flag using all the topics covered during the training.

Who Should Attend?

• Students
• Application developers
• Security analysts or managers
• Penetration testers who are interested in learning application security
• Security professionals who are interested in learning about web application security
• And of course guys who are interested in security.

What do you get after the training?

• Good understanding of web application security and penetration testing.
• Participation certificate.
• Certified Web Application Penetration Tester certificate after successfully passing the exam.

About Cyber Security Works Pvt. Ltd. (CSW):

CSW is empanelled with CERT-IN, Govt. of India. CSW has the world's best technology to assess vulnerabilities, knowledge-mine the results and dynamically penetrate networks, systems and applications. Our patent-pending technologies are very efficient and accurate in simulating a human hacker. Our patent-pending data mining techniques extract and present the relevant information. CSW's researchers are at the forefront of applied research and continuously innovate.

CSW offers independent assessments of information and critical infrastructures, focusing on the malicious intent of adversaries. These services assist in bolstering security and mitigating damage. CSW assisted in securing several governmental entities, including the IT infrastructures for over 80 public and private organizations and defense establishments in India (Andhra Pradesh, Tamil Nadu, Karnataka, Delhi, and Andaman & Nicobar) and the USA (New Mexico, Arizona, Colorado, Wisconsin, New Jersey, Nevada, and Texas). CSW also provides Incident Response during cyber emergencies and eDiscovery services to entities involved in litigation.

About Society for Electronic Transactions and Security (SETS):

SETS is an initiative of the Central Government through the Office of the Principal Scientific Adviser (PSA) to the Government of India. SETS was set up for the purpose of nucleating, sensitizing and developing technologies that can protect the information wealth of the country. The idea of forming a specialized organization in the area of information security was conceived by Dr. A.P.J. Abdul Kalam, formerly the Hon'ble President of India, and was implemented by Dr. R. Chidambaram from the Office of the PSA. SETS was formally launched by Dr. A.P.J. Abdul Kalam on June 25, 2002. SETS is the first organization in India established in the Public-Private Partnership mode to be engaged in information security. SETS was registered as a non-profit society under the Societies Act of 1860 in May 2002.

• SETS is the first Information Security organization in a Public Private Partnership (PPP) Mode.
• SETS is backed by the corporate sector with Government membership playing an enabling role.
• SETS is a collaborative effort of Information Security professionals from top-notch institutions from India and abroad.
• SETS is dedicated to the development of appropriate technologies towards enabling the protection of Information resources of the country.
