Introduction to Web Application Security

This one day course is designed for every audience (Developers, QA, Managers, DBA, IT, Auditors, etc). This engaging class will make the students think differently and see application with a completely different perspective: “the hacker’s perspective”. After taking this class, students will be able to understand basics of web application security, common web application attacks, how they work and strategies to prevent these attacks.  This course will help participants to:

  1. Understand the elements that make a web application an easy target.
  2. Understand what these web application vulnerabilities are, how they manifest into a website and how they can be exploited.
  3. Understand how a hacker approaches his target and how he finds these vulnerabilities in a website.
  4. Understand hacker’s tools and techniques.
  5. Understand how to identify and fix the vulnerabilities in a web application.

Course Outline

  • Overview, case studies and various types of web application vulnerabilities
  • Hacker’s Toolset: HTTP, HTML, JS, FLASH and AJAX
  • Reconnaissance
  • Authentication
  • Authorization (Fuzzing and Privilege Escalation)
  • Session Management
  • Cross Site Scripting (XSS)
  • Cross Site Request Forgery (CSRF)
  • SQL Injection and Blind SQL Injection
  • Encryption

Structure of each module

  • Overview of the attack,
  • Explain the type of attack,
  • Real case study on this type of attack,
  • Interactive Lab sessions on how this attack works on a feature rich fully functional website,
  • Solutions to prevent this type of attack.

Target Audience

  • Developers
  • QA
  • Managers
  • DBA
  • IT
  • Information Security
  • Auditors

Pre-requisites

  1. Familiarity with Firefox.

Duration – One day

Facility Requirement

  1. Projector
  2. Whiteboard
  3. Computer (Desktop/Laptop) with windows and firefox browser
  4. Internet connection

Contact: sales (at) myappsecurity (dot) com