Application Security

About this course

This course has been designed to train future security analysts, architects and system auditors to enable them to deploy manage and protect mobile and web based applications. As traditional defenses like firewalls prove inadequate against threats, this course deals with protecting applications through the use state-of-the-art techniques like server configuration, authentication mechanisms, and application language configuration. It also focus on mitigating the effect of application coding errors like SQL injection and cross-site scripting.
Objective
• Assess applications and associated threats
• Understand the role of authentication and authorization in web-based applications
• Evaluate web application security vulnerabilities
• Identify application security controls and risk mitigation techniques
• Develop a security strategy and solution for securing web-based applications
• Assess application security compliance requirements and objectives
Syllabus
• Application Discovery
• Mapping & Web Crawling
• Server & Application Fingerprinting
• Admin interfaces
• Authentication scenarios
• Brute force & Dictionary attacks
• Password Management
• SSL mechanisms
• Bypassing weak CAPTCHA mechanisms
• Authorization Management RBAC, bypassing
• Web based security management, Open redirect
• Http session Management
• Http session Management
• Client side validation attacks
• File security management
• SQL injection
• Common implementation mistakes – authentication bypassing using SQL Injection
• Cross Site Scripting (XSS)
• Session management techniques
• Cookie based session management
• Cookie properties
• Cookies tampering