CSWAE Certified Secure Web Application Engineer

Similar documents
Certified Secure Web Application Engineer

Web Application Penetration Testing

"Charting the Course to Your Success!" Securing.Net Web Applications Lifecycle Course Summary

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:

Curso: Ethical Hacking and Countermeasures

RiskSense Attack Surface Validation for Web Applications

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:

Advanced Ethical Hacking & Penetration Testing. Ethical Hacking

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

Ethical Hacking and Prevention

C1: Define Security Requirements

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

OWASP Top 10 The Ten Most Critical Web Application Security Risks

Application. Security. on line training. Academy. by Appsec Labs

CPTE: Certified Penetration Testing Engineer

SINGLE COURSE. NH9000 Certified Ethical Hacker 104 Total Hours. COURSE TITLE: Certified Ethical Hacker

OWASP Romania Chapter

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14

Advanced Diploma on Information Security

Course 831 Certified Ethical Hacker v9

Ethical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities

Course 831 EC-Council Certified Ethical Hacker v10 (CEH)

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Solutions Business Manager Web Application Security Assessment

01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED

Web Applications Penetration Testing

Andrew Muller, Canberra Managing Director, Ionize, Canberra The challenges of Security Testing. Security Testing. Taming the Wild West

Copyright

CEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker. 12 May 2018

WAPT in pills: Self-paced, online, flexible access interactive slides. 4+ hours of video materials

Application Security through a Hacker s Eyes James Walden Northern Kentucky University

V8 - CEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker. 03 Feb 2018

Bank Infrastructure - Video - 1

SECURITY TESTING. Towards a safer web world

Certified Vulnerability Assessor

Penetration Testing following OWASP. Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant

DIS10.1 Ethical Hacking and Countermeasures

Course 834 EC-Council Certified Secure Programmer Java (ECSP)

GUI based and very easy to use, no security expertise required. Reporting in both HTML and RTF formats - Click here to view the sample report.

Web Security, Summer Term 2012

Securing Your Web Application against security vulnerabilities. Alvin Wong, Brand Manager IBM Rational Software

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any

Certified Ethical Hacker (CEH)

Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks

DIS10.1:Ethical Hacking and Countermeasures

This ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process.

.NET Secure Coding for Client-Server Applications 4-Day hands on Course. Course Syllabus

THREAT MODELING IN SOCIAL NETWORKS. Molulaqhooa Maoyi Rotondwa Ratshidaho Sanele Macanda

Engineering Your Software For Attack

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

EC-Council C EH. Certified Ethical Hacker. Program Brochure

90% of data breaches are caused by software vulnerabilities.

Development*Process*for*Secure* So2ware

Web Application Security. Philippe Bogaerts

SensePost Training Overview 2011/2012

Tiger Scheme SST Standards Web Applications


Ethical Hacker Foundation and Security Analysts Course Semester 2

Overview of Web Application Security and Setup

Matt Walker s All in One Course for the CEH Exam. Course Outline. Matt Walker s All in One Course for the CEH Exam.

Defend Your Web Applications Against the OWASP Top 10 Security Risks. Speaker Name, Job Title

Introduction to Ethical Hacking

OWASP TOP OWASP TOP

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com

PRACTICAL WEB DEFENSE VERSION 1

Hands-On Hacking Course Syllabus

Application Security Approach

Ethical Hacking as a Professional Penetration Testing Technique ISSA Southern Tier & Rochester Chapters

Kishin Fatnani. Founder & Director K-Secure. Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009

Continuously Discover and Eliminate Security Risk in Production Apps

Vulnerabilities in online banking applications

EC-Council C EH. Certified Ethical Hacker. Program Brochure

CEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker. 15 Jan

Configuring BIG-IP ASM v12.1 Application Security Manager

Aguascalientes Local Chapter. Kickoff

ECCouncil Exam v8 Certified Ethical Hacker v8 Exam Version: 7.0 [ Total Questions: 357 ]

WEB APPLICATION PENETRATION TESTING VERSION 2

Scanning. Introduction to Hacking. Networking Concepts. Windows Hacking. Linux Hacking. Virus and Worms. Foot Printing.

W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s

Exploiting and Defending: Common Web Application Vulnerabilities

Your Turn to Hack the OWASP Top 10!

Certified Ethical Hacker

OWASP Thailand. Proxy Caches and Web Application Security. OWASP AppSec Asia October 21, Using the Recent Google Docs 0-Day as an Example

F5 Big-IP Application Security Manager v11

Practice Labs Ethical Hacker

OWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati

ETHICAL HACKING & COMPUTER FORENSIC SECURITY

Hacking 102 Integrating Web Application Security Testing into Development

Certified Ethical Hacker V9

Hacking by Numbers OWASP. The OWASP Foundation

Using Open Tools to Convert Threat Intelligence into Practical Defenses A Practical Approach

CompTIA Cybersecurity Analyst+

WAPTv2 at a glance: Self-paced, online, flexible access interactive slides and 5+ hours of video material. Downloadable material

C and C++ Secure Coding 4-day course. Syllabus

OPEN WEB APPLICATION SECURITY PROJECT OWASP TOP 10 VULNERABILITIES

Training Program Catalog SECURITY INNOVATION

Protect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013

CIS 700/002 : Special Topics : OWASP ZED (ZAP)

Threat Modeling for System Builders and System Breakers!! Dan Copyright 2014 Denim Group - All Rights Reserved

Client Portal FAQ's. Client Portal FAQ's. Why is the Portal more secure?

Transcription:

CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized criminal gangs, and foreign agents are able to exploit weaknesses in web applications. The Secure Web programmer knows how to identify, mitigate and defend against all attacks through designing and building systems that are resistant to failure. The secure web application developer knows how to develop web applications that aren t subject to common vulnerabilities, and how to test and validate that their applications are secure, reliable and resistant to attack. The vendor neutral Certified Secure Web Application Engineer certification provides the developer with a thorough and broad understanding of secure application concepts, principles and standards. The student will be able to design, develop and test web applications that will provide reliable web services that meet functional business requirements and satisfy compliance and assurance needs. The Certified Secure Web Application Engineer course is delivered by high level OWASP experts and students can expect to obtain real world security knowledge that enables them to recognize vulnerabilities, exploit system weaknesses and help safeguard against application threats. Upon Completion Upon completion, Certified Secure Web Application Engineer students will be able to establish industry acceptable auditing standards with current best practices and policies. Students will also be prepared to competently take the C)SWAE exam. Course Length 4 days** Format Instructor-led Live Online Training

Prerequisites A minimum of 24 months experience in software technologies & security Sound knowledge of networking At least one coding Language Linux understanding Open shell Student Materials Student Workbook Student Lab Guide Exam Prep Guide Certification Exam Mile2 s CSWAE- Certified Secure Web Application Engineer. Who Should Attend? Coders Web Application Engineers IS Managers Application Engineers Developers Programmers Course Outline Web Application Security Web Application Security Web Application Technologies and Architecture Secure Design Architecture Application Flaws and Defense Mechanisms Defense In-Depth

Secure Coding Principles OWASP TOP 10 The Open Web Application Security Project (OWASP) OWASP TOP 10 2013 Threat Modeling & Risk Management Threat Modeling Tools & Resources Identify Threats Identify Countermeasures Choosing a Methodology Post Threat Modeling Analyzing and Managing Risk Incremental Threat Modeling Identify Security Requirements Understand the System Root Cause Analysis Application Mapping Application Mapping Web Spiders Web Vulnerability Assessment Discovering other content Application Analysis Application Security Toolbox Setting up a Testing Environment Authentication and Authorization attacks Authentication Different Types of Authentication (HTTP, Form) Client Side Attacks Authentication Attacks Authorization Modeling Authorization Least Privilege Access Control Authorization Attacks

Access Control Attacks User Management Password Storage User Names Account Lockout Passwords Password Reset Client-Side Security Anti-Tampering Measures Code Obfuscation Anti-Debugging Session Management attacks Session Management Attacks Session Hijacking Session Fixation Environment Configuration Attacks Application Logic attacks Application Logic Attacks Information Disclosure Exploits Data Transmission Attacks Data Validation Input and Output Validation Trust Boundaries Common Data Validation Attacks Data Validation Design Validating Non-Textual Data Validation Strategies & Tactics Errors & Exception Handling Structured Exception Handling Designing for Failure Designing Error Messages Failing Securely

AJAX attacks AJAX Attacks Web Services Attacks Application Server Attacks Code Review and Security Testing Insecure Code Discovery and Mitigation Testing Methodology Client Side Testing Session Management Testing Developing Security Testing Scripts Pen testing a Web Application Web Application Penetration Testing Insecure Code Discovery and Mitigation Benefits of a Penetration Test Current Problems in WAPT Learning Attack Methods Methods of Obtaining Information Passive vs. Active Reconnaissance Footprinting Defined Introduction to Port Scanning OS Fingerprinting Web Application Penetration Methodologies The Anatomy of a Web Application Attack Fuzzers Secure SDLC Secure-Software Development Lifecycle (SDLC) Methodology Web Hacking Methodology Cryptography Overview of Cryptography Key Management Cryptography Application True Random Generators (TRNG)

Symmetric/Asymmetric Cryptography Digital Signatures and Certificates Hashing Algorithms XML Encryption and Digital Signatures Authorization Attacks NOTE: Student will use Kali Linux Lab Outline Module 1 Environment Setup and Architecture VM Image Preparation Checking Network connectivity between all VMs Discovering your class share (Optional, ask the Instructor) Navigating Linux Attack v3 Proxy Setup - Setting up Burp Suite Setting up Paros Setting up WebScrab OWASP TOP 10 2013 Injection Flaws - SQL Injection (AltoroMutual banking site) Injection Flaws String SQL Injection (OWASP Broken Apps WebGoat) Cross Site Scripting (XSS) Cross Site Request Forgery (CSRF) Threat Modeling Application Risk Assessment Define the Entry Points Define the Assets Define User Access Identify and Rate Risks Identify Security Controls Identify Threats Application Mapping & Analysis Enumerating Content and Functionality User-Directed Spidering

Discovering hidden content Brute-Force Techniques brute force DVWA o Form Based Authentication o Attacking Web Authentication Authentication and Authorization attacks Missing Function Level Access Control Sensitive Data Exposure Security Misconfiguration Using Components with Known Vulnerabilities Session Management attacks Hijack a Session Spoof an Authentication Cookie Session Fixation Broken Authentication and Session Management (AltoroMutual banking) AJAX Security Same Origin Policy Protection DOM-Based cross-site scripting Client Side Filtering Code Review and Security Testing Code Review Account Retriever o File Upload o XMLHelper Security Test Scripts o Create Test Scripts Writing Java Secure Code o Annex: Alternatives Labs WebGoat & WebScarab o Logging into WebGoat o Running WebScarab o Manipulating Data WebGoat - Cross Site Request Forgery (CSRF)

Missing Function Level Access Control Perform Forced Browsing Attackse

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback