Web Application Security Testing
Web applications play a vital role in every modern organization. But, if your organization does not properly test and secure its web apps, adversaries can compromise these applications, damage business functionality, and steal data. Unfortunately, many organizations operate under the mistaken impression that a web application security scanner will reliably discover flaws in their systems. Through this course, students will come to understand major web application flaws and their exploitation and, most importantly, learn a field-tested and repeatable process to consistently find these flaws and convey what they have learned to their organizations. Even technically gifted security geeks often struggle with helping organizations understand risk in terms relatable to business. Much of the art of penetration testing has less to do with learning how adversaries are breaking in than it does with convincing an organization to take the risk seriously and employ appropriate countermeasures.
The target audience for the program are professionals with minimum of two years of experience with regards to various phases of Software Development Life Cycles and Software Testing, and should be involved with any / all / either of the functions given below:
- Head of Testing
- Test managers
- Project Managers
- Test leads
- Sr Test Engineers
Module 1 – Introduction to Class
- Introduction to Class
- Familiarization with course material
- Familiarization with the protocols and timings
- Expectation setting and clarifications
Module 2 – Introduction to Application Security
- What is IT-Security
- Dealing with IT security
- Definition: Application Security
- Defense in Depth
- Firewalls
- SSL
- Targets
- Widespread weaknesses
- Web application vulnerabilities
- HTTP Basics
- Never trust the client!
- Manipulation of HTTP data – Web Pro
- burp suite – Port Wigger
Module 3 – Application Security Risks and Vulnerabilities
- OWASP Top 10 (2010)
- OWASP Top Ten Risk Rating
- OWASP A1 and A2
- OWASP A3 and A4
- OWASP A5 and A6
- OWASP A7 and A8
- OWASP A9 and A10
- Input validation
- Best Practices for validation
- Validation techniques (Java)
- Validation in applications: SO NOT!
- Bean Validation in Web Applications
- Regular expressions – Best Practices
- Password policies
- Storage (password) hashes
- Privileged passwords
Module 4 -Widespread Attacks and Vulnerabilities
- What is Cross Site Scripting?
- Cross Site Scripting Introduction
- Cross Site Scripting
- Cross Site Scripting Exploit
- XSS (diagram)
- Countermeasures: Output Encoding
- What is Phishing?
- HTML Injection
- Frames and iFrames
- Frame Example
- What is SQL Injection?
- SQL Injection (1 = 1 attack)
- SQL Injection (concatenation of expressions
- Using comments
- Logins without password
- Using error messages
- Other types of injection attacks
- Command Injection
- LDAP Injection
- XPath Injection
- Malicious files
- XML Entity bomb
- What is Cross Site Tracing?
- HTTP Trace Example
- Cross-site tracing exploit
- What is Cross Site Request Forgery?
- CSRF Basics
- CSRF (chart)
- URL Encoding
- Path Traversal
- What is Session Fixation?
- Session Fixation Example
- Countermeasures
- What is direct object referencing?
- Example 3-59 manipulation
- The attack (Version 1)
- Predictable Resource Location
- Countermeasures
- What is an information leak?
- Examples: Incorrect error handling
- Best Practices for cryptography
- Random numbers and cryptography
- Unaudited order and redirects
- Countermeasures
Module 5 -Introduction to Web Application Security Testing Tools
- IBM Rational AppScan
- Acunetix
- Nikto
- Wikto
- Google Web App Scanner
- Advantages of Manual and Automated Security Testing
