Web Application: Attacks and Defense - Advanced Edition

Overview:
The program focuses on web application security - the problems that occur in the design and implementation of a web programming, and how to find and fix security flaws, and provide candidates with extensive understanding of research techniques and evaluation and different types of tools to find and fix these security flaws.

Program Objective
This program is designed and developed with following objectives for security professionals:

* Web application security topics
* Web attacks increasing
* Evaluation methods
* Methods and technologies
* Web application attack vectors
* Secure coding and defense
* Many hands on challenges

Aim Audience:

* Security consultants and masters
* Web engineers
* Auditors
* Application programmers

Requirements:
Students should have the following prerequisite knowledge before attend this program:

* Students should have basic knowledge of Windows and Unix systems
* Students should have Elementary knowledge of networking
* Students should have fundamental knowledge of web applications

Topics Covered:
In this three days training program candidates will learn about:

Schedule: Day-1
Module-1 Web Security Fundamentals and Concepts

* Web security trends and opportunities
* The development and security issues
* Learn about fundamentals of security threats
* Understand Security players and models
* Development of Web Applications
* Web application security concerns
* Q & A

Module-2 Learn about Methods, components and protocols
* Understand Web application assessment methods
* Understand Web Application Component
* Programming Languages
* Understand HTTP Protocol
* Laboratory

Module-3 Understand about Web application deployment and security
* Deployment problems
* Learn about Web server configurations
* Loopholes as directory searching and file access
* Understand Web Server Vulnerabilities
* Footprints of Web server
* Supporting deployment
* Laboratory

Module-4 Learn about Web Application footprinting, Find and Profiling
* Footprints of web application
* Host and domain footprints
* Collecting information on major networking
* Finding web applications
* Understand Profiling web applications
* Know about Attributes & Protection
* Laboratory

Schedule: Day-2

Module-5 Understand Web application attack vectors-I
* Assets to attacks mapping
* The source code sniffing
* Error management and exception management
* Source code disclosures
* Understand Input validation
* Laboratory

Module-6 Understand Web application attack vectors-II
* SQL injection
* Malicious code injection client or server side
* File system access
* Session Hijacking
* XPATH Injection
* Database hacking
* Laboratory

Schedule: Day-3

Module-7 Defense
* Security Control
* Encoding safe
* Mod security for open source
* Content filtering
* Laboratory

Module-8 Master Laboratory and Challenges