Certified Web Application Security Professional (CWASP™)
Benefits of attending web application security training
- Career advancement opportunities: Acquire valuable skills and certifications that can open doors to new job opportunities and professional growth.
- Enhanced security knowledge: Gain a deeper understanding of web application security principles and best practices.
- Penetration Testing: Understand the tools and techniques available and when to apply them.
- Improved risk mitigation: Identify and address vulnerabilities to minimize the risk of cyber-attacks and data breaches.
- Compliance with regulatory requirements: Ensure adherence to industry regulations and standards for data protection.
- Increased efficiency and cost savings: Prevent security incidents that can lead to financial losses and operational disruptions.
- Protection of brand reputation: Safeguard your organization's reputation by demonstrating a commitment to secure web applications.
Who should attend this course?
- All web app developers, testers and designers who wish to improve their security skills.
- Developers and System Architects wishing to improve their security skills and awareness.
- Team Leaders and Project Managers.
- Security practitioners and managers.
- Anyone interested in techniques for securing Web applications.
- QA analysts who want to learn the mechanics of Web applications for better testing.
Table of Contents
Session 1. Introduction to Web Applications
- Understanding Web Application Architecture
- MVC Model
- Microservices
- Serverless Architecture
- Single Page Applications (SPAs)
- HTTP Protocols
- HTTP Types and Versions
- HTTP Methods
- Introduction to Application Security
- Introduction to tools (Burp Suite & Proxy)
- Lab Setup
- Case Studies
Session 2. Testing Frameworks
- Global Standards / Frameworks
- SANS Top 25 Software Errors
- OWASP Introduction
- Significance of OWASP Top 10
- Introduction to the OWASP Testing Guide
Session 3. OWASP Top 10 2021
- Broken Access Control
- Cross-Site Request Forgery
- Path Traversal: '.../...//'
- Relative Path Traversal
- Missing Authorization
- Incorrect Authorization
- Exposure of WSDL File Containing Sensitive Information
- Cryptographic Failures
- Weak Encoding for Passwords
- Improper Certificate's Chain of Trust
- Cryptographic Issues
- Cleartext Transmission of Sensitive Information
- Key Exchange without Entity Authentication
- Improper Verification of Cryptographic Signature
- Unprotected Transport of Credentials
- OWASP Top Ten 2007 Category A9 - Insecure Communications
Session 4. OWASP Top 10 2021 Continued
- SQL injection (error and blind)
- Load file and Out file
- Command Injection
- OS Command Injection
- Cross-site scripting
- Client side
- Server side
- Insecure Design
- Improper Error Handling
- Unrestricted Upload of File with Dangerous Type
- HTTP Request Smuggling
- Violation of Secure Design Principles
- Business Logic Errors
Session 5. OWASP Top 10 2021 Continued
- Security Misconfiguration
- Improper Restriction of XML External Entity Reference
- Missing Custom Error Page
- Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
- Sensitive Cookie Without 'HttpOnly' Flag (Cookie Management)
- Vulnerable and Outdated Components
Session 6. OWASP Top 10 2021 Continued
- Identification and Authentication Failures
- Improper Authentication
- Missing Critical Step in Authentication
- Origin Validation Error
- Session Fixation
- Weak Password Recovery Mechanism for Forgotten Password
- Lockout Mechanism Errors
- Unverified Password Change
- Software and Data Integrity Failures
- Deserialization of Untrusted Data
- Missing Support for Integrity Check
- Security Logging and Monitoring Failures
- Insertion of Sensitive Information into Log File
- Insufficient Logging
Session 7. OWASP Top 10 2021 Continued
- Server-Side Request Forgery
- Scanners & Interpreting Scan Reports
- Profiling the Scans
- Interpreting Scanner Reports
Session 8. API Testing
- Introduction to API
- What is API
- SOAP vs REST
- Case Studies
- Common API Vulnerabilities
- API Testing
- Introduction to Penetration Testing
- Introduction to Security Testing
- Introduction to Fuzz Testing
- GraphQL
Session 9. Practical Tips for Defending Web Applications
- Common Mistakes in Development
- Security Best Practices for Web Application & API Security
- Secure SDLC
- Threat Modelling
- Source Code Review
- Introduction to DevSecOps
- What is DevSecOps
- DevSecOps vs Secure SDLC
- DevSecOps for API Security