Web Application Security Professional

Who should attend?

Anyone interested in securing web applications can join this course, including IT professionals, web app developers, testers, designers, and project managers.

Basic Terminologies of Web application Security and Standards
  • Introduction to WAPT
  • Global Standards & Frameworks
  • OWASP Top 10 & WAPT Testing Guidelines
  • Web Technologies – front-end and back-end technology
  • Web application architecture
  • HTTP Methods, Error Codes, Cookie Basics, Frameworks, etc.
Vulnerability Assessment and Automated Scanning Analysis
  • Website Reconnaissance and Footprinting
  • Types of Professional WAPT
  • Open & Closed source Tools and Testing Methodologies
  • Burp Suite Essentials
  • Metasploit & Brute Force Essentials
Next Gen Web App Sec Terminologies
  • Business Logic Testing Flows
  • Threat Modelling
  • Agile Methodology 
  • Secure SDLC
  • DevSecOps
  • Bug Bounty Approach to Hunt Bugs in Real Time
Manual Web Application Security Attacks
  • Header insecurities 
  • All Injection Flaws (Error, Blind, Time-Based, User-Agent, Stored, NoSQL, LDAP, etc.)
  • Server-Side Injection Flaws
  • Broken Authentication & Session Flaws
  • Sensitive data exposure & Improper Error handling
  • Access Control Flaws
  • File & Resource Attacks 
  • Security misconfiguration
  • Cross-site scripting & WAF Bypassing
  • Cross Site Request Forgery & Defacing Website
  • Insecure Deserialization 
  • Using components with known vulnerabilities
  • Insufficient logging & monitoring
  • Beyond OWASP attacks
  • AJAX, JSON, jQuery Attacks
  • Web services testing & Attacks
  • Penetration testing activities against CMS
Countermeasures
  • OWASP countermeasures
  • Server Auditing & Configuration Review
Professional Web Application Report Writing
  • Guidelines to make WAPT report
  • Revalidation report