WASECM - Web application security masterclass - Online Training - English - Webinar von Fast Lane Institute for Knowledge Transfer
Inhalte
Day 1
- Cyber security basics
- What is security?
- Threat and risk
- Cyber security threat types – the CIA triad
- Consequences of insecure software
- Constraints and the market
- The OWASP Top Ten 2021
- The OWASP Top 10 2021
- A01 - Broken Access Control
- Access control basics
- Missing or improper authorization
- Failure to restrict URL access
- Lab – Failure to restrict URL access
- Confused deputy
- File upload
- Open redirects and forwards
- Cross-site Request Forgery (CSRF)
- A02 - Cryptographic Failures
- Information exposure
- Cryptography for developers
- A02 - Cryptographic Failures (continued)
- Cryptography for developers
- Certificates
- Transport security
- A03 - Injection
- Input validation
- A03 - Injection (continued)
- Injection principles
- Injection attacks
- SQL injection
- Parameter manipulation
- Code injection
- HTML injection - Cross-site scripting (XSS)
- A04 - Insecure Design
- Client-side security
- A05 - Security Misconfiguration
- Configuration principles
- Server misconfiguration
- Cookie security
- XML entities
- A06 - Vulnerable and Outdated Components
- Using vulnerable components
- Assessing the environment
- Hardening
- Untrusted functionality import
- Vulnerability management
- A07 - Identification and Authentication Failures
- Authentication
- Session management
- Password management
- Single sign-on (SSO)
- A08 - Software and Data Integrity Failures
- Integrity protection
- Subresource integrity
- Insecure deserialization
- A09 - Security Logging and Monitoring Failures
- Logging and monitoring principles
- Insufficient logging
- Case study – Plaintext passwords at Facebook
- Log forging
- Log forging – best practices
- Logging best practices
- Monitoring best practices
- Firewalls and Web Application Firewalls (WAF)
- Intrusion detection and prevention
- Case study – The Marriott Starwood data breach
- A10 - Server-side Request Forgery (SSRF)
- Server-side Request Forgery (SSRF)
- Case study – SSRF and the Capital One breach
- Web application security beyond the Top Ten
- Denial of service
- Security testing
- Security testing techniques and tools
- Code analysis
- Dynamic analysis
- Finding specific vulnerabilities
- Cross-site scripting (XSS)
- Password auditing
- Using password cracking tools
- Lab – Password audit with John the Ripper
- Proxies and sniffing
- Proxy servers and sniffers
- Sniffing – tools and considerations
- Lab – Using a proxy
- Security testing techniques and tools
- Wrap up
- Secure coding principles
- And now what?
Day 1
- Cyber security basics
- What is security?
- Threat and risk
- Cyber security threat types – the CIA triad
- Consequences of insecure software
- Constraints and the market
- The OWASP Top Ten 2021
- The OWASP Top 10 ...
Lernziele
- Getting familiar with essential cyber security concepts
- Understanding how cryptography supports security
- Understanding Web application security issues
- Detailed analysis of the OWASP Top Ten elements
- Putting Web application security in the context of any programming language
- Going beyond the low hanging fruits
- Input validation approaches and principles
- Managing vulnerabilities in third party components
- Getting familiar with security testing techniques and tools
- Getting familiar with essential cyber security concepts
- Understanding how cryptography supports security
- Understanding Web application security issues
- Detailed analysis of the OWASP Top Ten elements
- Putti ...
Zielgruppen
Web developers
Termine und Orte
| Datum | Uhrzeit | Dauer | Preis | ||
|---|---|---|---|---|---|
| Webinar | |||||
| 15.07.2024 - 19.07.2024 | 10:00 - 17:30 Uhr | 37 h | Mehr Informationen > | ||
| 04.11.2024 - 08.11.2024 | 10:00 - 17:30 Uhr | 37 h | Mehr Informationen > | ||