Duration 5 days – 35 hrs
Overview
The Certified Web Application Security Testing (CWAST) training course is designed to provide participants with a comprehensive understanding of web application security and the essential techniques needed to test and secure web applications. Over the course of five days, participants will gain hands-on experience with the latest tools and methodologies for identifying and mitigating security vulnerabilities in web applications. This training is ideal for security professionals, developers, and IT professionals who are responsible for the security of web applications.
Objectives
- Understand the fundamentals of web application security.
- Learn to identify and exploit common web application vulnerabilities.
- Master the use of various tools and techniques for web application security testing.
- Develop skills to mitigate and remediate security issues.
- Gain practical experience through hands-on labs and real-world scenarios.
- Prepare for the Certified Web Application Security Testing (CWAST) certification exam.
Audience
- Security Professionals
- Web Developers
- IT Professionals
- System Administrators
- Anyone responsible for web application security
Prerequisites
- Basic understanding of web technologies (HTML, CSS, JavaScript).
- Familiarity with web application architecture.
- Experience with basic networking concepts.
- Prior knowledge of security fundamentals is beneficial but not required.
Course Content
Day 1: Introduction to Web Application Security
Morning Session:
- Course Introduction and Objectives
- Overview of Web Application Security
- Importance of Web Application Security
- OWASP Top 10 Vulnerabilities
- Understanding the Web Application Architecture
Afternoon Session:
- Web Application Security Testing Methodologies
  - Black Box Testing
  - White Box Testing
  - Grey Box Testing
- Setting Up the Testing Environment
  - Tools and Software Installation
  - Configuring Testing Tools
Day 2: Identifying and Exploiting Vulnerabilities
Morning Session:
- Injection Attacks
  - SQL Injection
  - Command Injection
  - LDAP Injection
- Cross-Site Scripting (XSS)
  - Reflected XSS
  - Stored XSS
  - DOM-Based XSS
Afternoon Session:
- Cross-Site Request Forgery (CSRF)
- Security Misconfigurations
- Insecure Deserialization
- Hands-On Labs: Exploiting Common Vulnerabilities
Day 3: Advanced Web Application Security Testing
Morning Session:
- Authentication and Session Management
  - Weak Password Policies
  - Session Fixation
  - Session Hijacking
- Access Control Vulnerabilities
  - Broken Access Control
  - Insecure Direct Object References (IDOR)
Afternoon Session:
- Security Testing Tools
  - Burp Suite
  - OWASP ZAP
  - WebScarab
- Hands-On Labs: Using Security Testing Tools
Day 4: Mitigation and Remediation Techniques
Morning Session:
- Secure Coding Practices
  - Input Validation
  - Output Encoding
  - Secure Session Management
- Web Application Firewalls (WAFs)
Afternoon Session:
- Secure Development Lifecycle (SDL)
  - Integrating Security into SDLC
  - Threat Modeling
  - Security Code Reviews
- Hands-On Labs: Implementing Mitigation Techniques
Day 5: Real-World Scenarios and Certification Preparation
Morning Session:
- Case Studies of Recent Web Application Attacks
- Incident Response and Handling
- Best Practices for Web Application Security
Afternoon Session:
- Review of Key Concepts
- Practice Exam Questions
- CWAST Certification Exam Preparation
- Q&A Session and Course Wrap-Up