
Course Dates


Timing: 9am – 6pm
Duration: 2 days
Course Fee (excluding GST) $1500
7% GST on Nett Course Fee $105
Nett Fee Payable (inclusive of GST) $1605




Web Application Security Testing and Verification Course

What Will Be Taught For This Web Application Security?

This course is designed for organizations that develop software and need to comply with a variety of complex, ever-changing regulations.

 

Course Outline

The Processes – Hands-On Labs on Application Testing & Verification

  • One important aspect is to test for application vulnerabilities. During this practical hands-on session, an introduction is provided together with some test cases from the OWASP Broken Web Applications project.
  • Reference materials include:
    • OWASP’s Application Security Verification Standard (ASVS)
    • OWASP Testing Guide
    • OWASP’s Enterprise Security API (ESAPI)
  • OWASP's Application Security Verification Standard (ASVS) contains over 120 items, but due to time constraints the hands-on lab will focus only on the following most relevant areas, covering over 83 major controls:
    • Application Architecture
    • Authentication
    • Session Management
    • Authorization
    • Input validation
    • Output Encoding
    • Cryptography
    • Data Protection
    • Communications Security
    • HTTP Security
    • Security Configuration

The Technology - Tools might include the following:

  • OWASP Broken Web Applications
  • WebApp Vulnerability Scanner:
    • Acunetix
    • OWASP ZAP
    • WebScarab
    • Burp Suite
    • Selected Firefox plugins
  • OWTF (Offensive Web Testing Framework)
  • SamuraiWTF

Web application security is a moving target. New vulnerabilities and threats are discovered regularly. The following resources should provide you with enough pointers to serve both as reference and for further research:

  • Web Application Firewall with Apache ModSecurity
  • Log Files Analysis with Splunk

 

Learning Outcome

This 2-day hands-on course is specially designed to equip participants with knowledge of:

  1. How hackers attack web applications
  2. How to test and verify your applications to determine whether they are vulnerable (with a focus on the OWASP Top 10).

 

Who Should Attend This Web Application Training?

  • This training is highly recommended for Application Project Managers and Application Owners who outsource the development of their applications, or who want to use it as a metric to assess the level of trust in their vendors.
  • Developers who are interested in learning how to secure their applications, such as which security controls to implement in the design to satisfy application security requirements.
  • Organisations that are involved in software development and need the necessary training and insights to comply with a wide array of complex regulations.