Course Overview:
Nowadays the web applications are playing an important role in our IT world, that’s why securing the web applications and its environment in now more important than ever, the course helps students to understand the technologies that are being used under the different services and systems so that they are able to make informed decisions when choosing a cloud vendor. The course also covers the different types of cloud products, their working, their benefits and the migration process to the cloud. The Web Application security course enables the students to establish industry acceptable auditing standards with current best practices and policies specifically for the web applications and cloud environment. The students can learn, implement and penetration test the concepts taught in this course in real-world scenarios.
Course Objectives:
- Understand and identify possible exploits in live web applications •Identify and secure vulnerabilities
- Different penetration testing methods
- Identify OWASP top 10 vulnerabilities
- Working with Virtualization for testing environments
- Using all the knowledge to protect your web application
Pre-requisites:
This course assumes that you have a basic understanding of technology and Information technology having some basic knowledge of computer networks could be helpful for some of the modules in the course.
Target Audience:
- Web Developers
- IT Managers who willing to understand web security in an advance manner.
- Security professionals who want to fill the gaps in their information Security knowledge
- IT engineers who want to build secure network against the attacks
- Network Administrators
Course Duration:
- 35 hours – 5 days
Course Content:
Module 1:
- Overview of web technologies
- Web application architecture
- Attack trends
- Authentication vulnerabilities
- Authorization vulnerabilities
Module 2:
- SSL vulnerabilities and testing
- Session vulnerabilities
- Cross-site request forgery
- Input-related flaws
- SQL injection
Module 3:
- Cross-site scripting
- Web services config security
- Vulnerability detection in web application
- Incident handling
Module 4:
- XML security
- AJAX technologies
- AJAX common attacks
- Invalid redirect and forwards
- Insecure direct object references
- Closing and Remarks