Search for Training

Web Application Security Testing

Course Overview


The Web Application Security Testing Training is a mix of case driven, instructor-led, and self paced learning, designed to enable participants learn, experiment and implement the concepts involved in Security Testing for Web Application. The participants will be presented with ample examples, exercises and case studies to understand and apply the concepts taught.

Course Content


Understanding Web Security Concerns

  • Introduction - Web Security
  • The Business Impact of Security
  • Secure SDLC Self-Assessment
  • Roles and Responsibilities
  • Need for Security Policy
  • The Vulnerabilities
  • Web Security - Technology Basics
  • An Ecommerce Example

Introduction and Key Principles in Testing

  • Testing Concepts- Verification & Validation
  • SDLC and STLC
  • Test Design Methods and Testing Levels for Security Testing
  • Security Requirements Testing Derivation
  • Introduction to Testing Framework-OWASP
  • Secure SDLC Self-Assessment
  • Hands on - Identify Security Requirement from given Functional Requirements Specification

Introduction to Security Testing

  • What is Web Security Testing
  • Knowledge and Skills Needed for a Security Tester
  • The Scope of a Security Testing
  • Measures to Implement Overall Security for the Application
  • Security and Internet

Security Testing Methodology

  • Web Applications Security Landscape
  • The Business Logic Security Testing
  • Preparation and Testing
  • Risk Based Approach
  • Risk Awareness - Know, Analyze and Understand The Risk
  • Methods to Resolve the Problems
  • Measure the Results
  • Hands on - Risk Identification Case Study
  • A1 - Injection
  • A2 - Cross - site Scripting(XSS)
  • A3 - Broken Identification and Session Management
  • A4 - Insecure Direct Object References
  • A5 - Cross Side Request Forgery(CSRF)
  • A6 - Security Misconfiguration (NEW)
  • A7 - Insecure Cryptographic Storage
  • A8 - Failure to Restrict URL Access
  • A9 - Insufficient Transport Layer Protection
  • A10 - Unvalidated Redirect and Forward
  • Testing the Enterprise Security - Anti Spam and Anti - Virus

A walk through on vulnerabilities
SQL Injunction

Cross-Site Scripting
Port Scanning and Service Mapping
Random Data Testing
Session Hijacking
Phishing
URL Manipulation
IP Spoofing
Social Engineering
Parameter Manipulation
Penetration Testing
Database Auditing

  • The Server Security (The Process of Limiting the Access to Database Server)
  • Database Connection (The Local and Remote Database Access Through Authentication and Authorization)
  • Table Access Control (Related to Access Control List Restricting Control to Database Tables)
  • Restricting to Database Access ( Firewall and Network Segmentation)
  • Hands on Database Auditing
  • Introduction to Automation
  • Security Test Automation Tools
  • Demo on using Test Automation for Security Testing
  • Demo for Automation Test Tools
  • Introduction to Penetration Testing

Customer Reviews


Thanks to Xpertised and the tutor who walked me through all the topics with Practical exposure which is helping me in my current project.
-Waseem

Course was quite helpful in terms of understanding of concepts and practicality. Its really a very friendly environment to learn. The timing were mutually chosen, as we both are working professional. I am quite satisfied with the course.
-Tanmoy

...more
Share:

For Batch Details
Call us at: +91 7259222234

Not sure? Consult Our Experts

What is the sum of 3 + 4? (security question)

Looking for a Training for

Myself

My Team/Organization

I agree to be contacted over mail or phone

or
Call us at: +91 7259222234

Subscribe to our weekly newsletter