Call Us : 080-69990990
Mail Us : info@bytecodebangalore.com

Web Application Security

BYTECODE CERTIFIED WEB APPLICATION SECURITY EXPERT

Web application security is a branch of Information Security that deals specifically with security of websites, web applications and web services. At a high level, Web application security draws on the principles of application security but applies them specifically to Internet and Web systems. Typically web applications are developed using programming languages such as PHP, Java EE, Java, Python, Ruby, ASP.NET, C#, VB.NET or Classic ASP.

WEB APPLICATION SECURITY CERTIFICATION EXAM

COURSE EXAM CODE NORMAL & STEADY TRACK FAST & FURIOUS TRACK
Web application security 7 4
Course duration: 60 Hours
Prerequisite: Basic knowledge of the Internet
Fee Included: Training, Books, E-Books, Tools, Software and certification
Free: 2 years free membership of BYTECODE HACKING Team

 

  • COURSE CONTENT
    • WEB APPLICATION SECURITY

      HTTP BASICS

      How HTTP works?
      Different Request methods
      HTTP request/response examples
      Understanding HTTP error codes
      Use of cookies
      How to detect cookies
      Using HTTP interceptor tools
      Exercise
      Using Paros to intercept HTTP traffic
      Web Application Security

      WHY WEB APPLICATION SECURITY

      Understanding difference between network and application security
      Introduction to WASC
      Introduction to OWASP top 10
      Learning OWASP Vulnerabilities (Concept + Threat Modeling + Finding out the vulnerability in a web application)
      XSS concepts.

      SQL INJECTION CONCEPTS

      Broken Authentication and Session Management

      LEARNING OWASP VULNERABILITIES CONTINUED

      Cross-Site Request Forgery (CSRF)
      Security Misconfiguration
      Insecure Cryptographic Storage
      Failure to Restrict URL Access
      Insufficient Transport Layer Protection
      Unvalidated Redirects and Forwards
      Malicious file execution
      Improper error handling

      INTRODUCTION TO WEB INSPECT

      Learn what Web Inspect is
      Installation and licensing policy
      Understand how Web Inspect works and what types of security issues it finds
      Overview of the tool
      Typical workflow
      Preparation required before using this tool

      SESSION 1: INTRODUCTION AND CASE STUDY

      Module 1: Web Hacking Case Studies
      Module 2: Business Risks from Application Vulnerabilities

      SESSION 2: WEB 2.0 SECURITY

      Module 3: What is Web 2.0?
      Module 4: AJAX Vulnerabilities
      Module 5: What are Web Services?
      Module 6: Web Services Vulnerabilities

      SESSION 3: THREAT MODELING – WEB APPLICATION SECURITY CONTROLS

      Module 7: Application Security – An Overview
      Module 8: Threat Modeling – Objectives
      Module 9: Threat Modeling – Meaning and terminology
      Module 10: Hacker’s Interest Area
      Module 11: Threat Profiling
      Module 12: Practical Considerations
      Module 13: Case Study

      SESSION 4: INTRODUCTION TO WEB APPLICATION VULNERABILITIES

      Module 14: OWASP Top Ten
      Module 15: OWASC List of Vulnerabilities

      SESSION 5: FUNCTIONAL V/S SECURITY TESTING

      Module 16: What is Functional testing?
      Module 17: What is Security testing?
      Module 18: Differences
      Module 19: Tools for Functional and Security testing

      SESSION 6: WEB APPLICATION IN-SECURITIES PRACTICAL HANDS-ON

      Module 20: Demo of web vulnerabilities with insecure web applications

      SESSION 7: SECURE CODING TECHNIQUES

      Module 21: Best Practices
      Module 22: Secure J2EE Programming
      Module 23: Secure .NET Programming
      Module 24: Secure PHP Programming

      SESSION 8: SIGNIFICANT OWASP PROJECTS

      Module 25: OWASP Development Guide
      Module 26: OWASP Testing Guide
      Module 27: OWASP Code Review Guide

      SESSION 9: FLASH ATTACKS

      SESSION 10: IFRAME ATTACKS

      SESSION 11: CONTINUOUS SECURITY TESTING AND ASSESSMENTS

      Module 28: Risk based approach
      Module 29: Risks from Outsourcing
      Module 30: Conducting VAPT, Source code audits, Infrastructure reviews

  • BENEFITS
    • BENEFITS OF ACHIEVING THIS CERTIFICATION

      Training by the best security experts or well-experienced trainers.

      International BYTE CODE Training Certification + 2 years free membership of BYTE CODE

      Training in an interactive, lab-intensive environment equips professionals with in-depth knowledge.

      The course tools and programs are preloaded on the iLabs machine, which saves productive time and effort.

      Professionals can confirm their potential to be experts in security systems.

      Learning from the experienced and leading experts.

  • PACKAGE DETAILS
    • COMPLETE PACKAGE DETAILS FOR INDIAN & INTERNATIONAL STUDENTS

      Our Package includes:

      Official Training by certified instructors

      Head-2-Head training by Certified Subject matter experts

      Highly interactive lectures, group exercises, and review sessions

      Intensive Hands-on Training

      2 years membership of bytecode international training group

      Chance to become country representative for bytecode

      Certification Exam Fees Included.

      Individual study environment

      Training Environment

      Practical live hacking

      Concept based training

      24/7 High speed internet connectivity

      Limited candidates in class

      Stay, food (breakfast, lunch and dinner)

      Post training support after training & certification




TALK TO US

Name: Mr. Anmol Gupta
Email: info@bytecodebangalore.com
Tel (HQ) : 080-69990990
