Introduction to Web Application Security

Course Details

Security failures get more and more attention in the media because the impact becomes ever bigger. Organizations become more dependent on digital workflows and disruptions to these workflows can cause ever larger losses. These losses can be financial, but also with regards to reputation, customer satisfaction and even safety!

Every organisation that creates software should think about security. Unfortunately, this is often still not the case. Many people think security testing is some kind of wizardry that can only be understood by ‘gurus’. This is not the case.

This training is focused on all members of your development team (testers, developers, but also product owners, business analysts, helpdesk and others). It teaches the basic concepts of security and how prevent security mistakes from being made. It is a highly practical training with examples, exercises and discussions on security aspects with a focus on Web Applications.

You will learn that security is the responsibility of all, permeates to all levels of the software development effort. Many security failures can be prevent with basic security measures that can be implemented with limited technical knowledge.

Modules

Skills Gained

Know why security and security testing is important

Integrate basic security development practices and tests into the software development lifecycle

Identify and test on a basic level the OWASP Top 10

Install basic prevention methods for the OWASP top 10

Day 1

Introduction

Why is security important

Where are the security problems

Security test process

How to test security

What is OWASP?

OWASP Top 10

Injection

Broken Authentication and Session Management

Sensitive Data Exposure

XML External Entities (XXE)

Broken Access Control

Security Misconfiguration

Cross Site Scripting (XSS)

Insecure Deserialization

Using Known Vulnerable Components

Insufficient Logging & Monitoring

Laptop requirements

Laptop Hardware Requirements

8 GB of hardware memory

64-bit processor

64 GB free disk space (at least)

Wireless (802.11) network adapter

USB ports (not restricted)

BIOS / processor support for Virtualization

Please verify that virtualization is supported on your laptop prior to coming to class

Laptop Operating System Requirements

Microsoft Windows 7 or later as the host operating system

Students must be local administrator of this host operating system

Students must know all BIOS or other passwords used on the system

No Group Policy Objects (GPOs) or other similar OS restrictions should be in place, ideally this laptop should not be a member of any domain prior to class.

Prerequisites

Familiarity with development or testing concepts

Some basic knowledge of networking, programming, HTML, HTTP, SQL

Laptop with local administrator rights, to install virtualization software to sample the OWASP top 10

To subscribe, or request more information, please fill in the form below or send an email to info@tesuqa.com

Please follow this link to understand the cancellation policy we use

tesuqa is accredited as training provider for the Flemish KMO Portefeuille, please ask if you are eligable for this discount.