W88live | Dien dan w88 vn | W88.com | W88club | W88top

W88live | Dien dan w88 vn | W88.com | W88club | W88top.

You are not logged in.

#1 2020-09-13 09:46:16

MadelineHo
Member
Registered: 2020-09-13
Posts: 1

Training Course: Testing Web Application Security

Training Course: Testing Web  Application  Security.
This course provides the knowledge and skills Testers need to detect security vulnerabilities in web applications using a combination of manual and automated methods.  Testing Web Application security is not intuitive and to be effective you need an  understanding  of web application design, HTTP, Javascript, browser behavior, and potentially other technologies such as AJAX, JSON, and XML.
This course is designed for experienced QA staff who wish to gain the skills and learn the techniques necessary to accurately and thoroughly assess the security of web  applications .
2 Days.
Recognize common web  application  security vulnerabilities and how to determine if they are present in web applications.
Recognize web  application  design assumptions and how to exploit them.
Be familiar with the  capabilities  of various Browser Proxies.
Be familiar with the  capabilities  of various Penetration Testing tools.

Be prepared to detect Access Control Vulnerabilities
Be prepared to detect SQL Injection Vulnerabilities

Be prepared to detect Cross-Site Scripting (XSS)  Vulnerabilities .
Be prepared to detect  Authentication  and Session Vulnerabilities.
Be prepared to test web  application  security.
Ideally, the classroom environment should support the technologies employed within the firm in regards to the Web Server, testing tools, and database.
Burp Suite (Free or Professional).
OWASP Zed Attack Proxy (ZAP).
Firefox  with TamperData.

Access to a Quality Assurance (QA) Enviroment… OR:

A Web Application Server Environment, such as:  Java 2 Standard Edition (J2EE).
Microsoft C#.
NET Studio.
Apache and PHP.
AND a Database Management System, such as:  Apache Derby.
SQL Server Express.
Application Security and the SDLC.
A solid understanding of either Java and JSPs, OR C#.
NET and ASPs, OR PHP.
Topic 2:     A Taxonomy of Web Application Vulnerabilities.
Debug Info in Prod.
Denial of Service.
Failure to Respond to Attack.
Failure to Verify Integrity.
HTTP.
Information Leakage.
Injection.
Insecure Coding.
Insecure I/O.
Insecure Platform.
Intentional.
Poor Access Control.
Poor Certificate Management.
Poor Input Validation.
Poor Password Management.
Poor Session Management.
Race Condition.
Replay.
Sensitive Info Exposure.
Trusting DNS.
Lab Exercise: The OWASP Top 10.
Topic 3:     Using a Web Proxy.
Viewing Web Page Source.
Example: Tamper Data.
Violating Designer Assumptions.
Errors vs.
Unexpected Behavior.
Crafting Malicious Input.
Example: Burp Proxy.
Example: OWASP ZAP.
Topic 4:     Detecting XSS.
What is Cross-site Scripting ?.
Example: Cross-site Scripting.
Detecting XSS Vulnerabilities.

Case Study: But I don’t Like Spam

Lab Exercise: XSS Attacks.

Topic 5:     Detecting SQL Injection

What is SQL Injection ?.

Case Study: I Still Don’t Like Spam

Detecting SQLi Vulnerabilities.
Lab Exercise: SQLi Attacks.

Topic 6:     Detecting Command Injection

What is Command Injection ?.
Case Study: Do the Math.

Detecting Command Injection Vulnerabilities

Other Injection Attacks.
Lab Exercise: Taking Command.

Topic 7:     Detecting Access Control Vulnerabilities

Password Strength & Management.
Testing for Account Enumeration.
Navigate Your Way.

Testing for Client Side Access Control

Roles, Accounts, and Permissions.
Testing for Cross-site Request Forgery.
Testing for Path Traversal.
Testing for Horizontal Escalation.
Testing for Replay.
Testing for Session Fixation.
Testing for Session Termination.
Lab Exercise: Out of Control.
Topic 8:     Detecting Other Vulnerabilities.
Parameter Mayhem.
Sensitive Information Exposure.
Event Timing.
File Uploads and Transfers.
Testing for Denial of Service.
Lab Exercise: Go Get ‘Em.
Topic 9:     Miscellaneous Topics.

Security Manager Design Pattern

The OWASP ESAPI.

Appendix     Web Application Vulnerability Taxonomy

Appendix     Summary of Special Characters.
For more information or to register for this training course, call 1-800-840-2335 or  on our website.
[email protected]
Training Course: Testing Web Application Security.
Theme:  by aThemes.

Offline

Board footer

Powered by FluxBB