Web Application Security Certification Course

Saturday, November 23, 2024


Web application security (WAS) involves the security of websites and web applications. The principles of application security are applied primarily to Internet and Web systems. WAS enables the cybersecurity workforce to learn, hack, test, and secure web applications from existing and emerging security threats in the industry verticals.

An overview of web applications will be the opening topic for this course. This will be followed by an introduction to web application security and its dissimilarity to network security. Web Application Security (WAS) scanners and testing, Data Handling, Authentication & Access Control, Sensitive Data Protection, Data Assessment and Mobile Security will be explained and defined. Tips on securing your web application will also be studied in this course.

Contents:

Day – I Day – II
Introduction and Objectives

· Conduct Search Engine Discovery and Reconnaissance for Information Leakage

· Enumerate Applications on Webserver

· Review Webpage Comments and Metadata for Information Leakage

· Identify application entry points

Data Handling

· Injection Flaws (e.g., NoSQL Injection, Code Injection, Command Injection)

· Cross-Site Scripting (XSS) (e.g., Reflected, Stored, DOM)

· Denial of Service (e.g., Failure to Release Resource)

Authentication and Access Control

· Authentication (e.g., Username Enumeration, Improper Authentication)

· Session Handling (e.g., Exposed Session Tokens, Weak Session Token Generation, Insufficient Session Expiration)

· Cross-Site Request Forgery

· Access Control (e.g., Insecure Direct Object Reference, Missing Function Level Access Control)

OWASP Top 10

· Broken access controls

· Cryptographic failures

· Injection

· Insecure design

· Security misconfiguration

· Vulnerable and outdated components

· Identification & authentication failures

· Software and data integrity failures

· Insufficient logging & monitoring

· Server-side request forgery (SSRF)

OWASP Testing Framework

· Phase 1: Before Development Begins

· Phase 2: During Definition and Design

· Phase 3: During Development

· Phase 4: During Deployment

· Phase 5: Maintenance and Operations

Sensitive Data Protection

· Insecure Cryptography (e.g., Insecure Randomness, Insufficiently Protected Credentials, Exposed key)

· Sensitive Data Storage (e.g., Plain text storage of passwords or sensitive information)

· Insufficient Transport Layer Protection (e.g., Unprotected Transport of Credentials, Weak Algorithm or Protocol Use)

Database Assessment

· Importance of SQL Injection

· Automating Attacks

Introduction to Mobile Security

· Hack Android & iOS Mobiles

· Mobile Control via Malware

· OWASP Top 10 Mobile

Who should attend:

Penetration Tester, Ethical Hacker, Web Application Penetration Tester/Security Engineer, Auditor, Red Team Engineer, Information Security Engineer, Risk/Vulnerability Analyst, Vulnerability Manager, Incident Responder

Trainer Profile:

Kuldeep possesses 12 years of experience in IT infrastructure and cyber security training. He is a Principal Corporate Technical Trainer at SME and Consultant, a leading provider of customized and innovative learning solutions.

He holds CISM, Security+, CYSA+, CSAP, ECSA, CSA, and CHFI certifications, as well as skills in cyber security, information security, network security, firewalls, VAPT, OWASP, and ethical hacking. He has delivered engaging and effective training programs, both online and in-person, for various sectors, including government, banking, telecom, education, and manufacturing. He has designed and developed course content, study notes, and assessments, tailored to the needs and levels of the audience.

His mission is to help organizations and individuals enhance their IT and cyber security competencies and capabilities, and to foster a culture of security awareness and best practices.

Participation Fee:

Members Rs. 10,000/- +18% GST per participant
Non-Members Rs. 12,000/- +18% GST per participant

 

Bank Details for NEFT
Account No. 10996680930
IFSC CODE SBIN0000300
Bank Name State Bank of India
Branch Address Mumbai Main Branch

Cheque/Demand Draft should be drawn in favor of “BOMBAY CHAMBER OF COMMERCE AND INDUSTRY”

Contact Details :

Revati Khare
Email : revati.khare@bombaychamber.com
Tel : + 91 22 6120 0231

Additional Details

Event Fees Type: Paid event

Event or Seminar: Workshop

To register for this event email your details to example@gmail.com


Date And Time

April 14, 2024, 10:00 AM to April 16, 2024
