This course is an introduction to the world of web application security testing. It is designed to walk testers through every step of web application penetration testing, arming them with the knowledge and tools they will need to begin conducting their own security testing. The course will teach the participants how to think like a security engineer by creating and executing a security test plan. Participants will be exposed to the common web application vulnerabilities, testing techniques and tools by a professional security tester.

Module 1 – Introduction
Participants | Familiarization with course material | Familiarization with the protocols and timings | Expectation setting and clarifications | Class Exercises & Cases | Necessity of Pre-Requisites
Module 2 – Introduction to Application Security
What is IT security | Dealing with IT security | Definition: Application Security | Defense in Depth | Firewalls, SSL, recent examples | Applications are the main gateway targets | Widespread weaknesses | Web application vulnerabilities | HTTP basics | Never trust the client! | Manipulation of HTTP data – Web Pro | Burp Suite – PortSwigger
Module 3 – Application Security Risks & Vulnerabilities
OWASP Top 10 (2010) | OWASP Top Ten Risk Rating | OWASP A1 and A2 | OWASP A3 and A4 | OWASP A5 and A6 | OWASP A7 and A8 | OWASP A9 and A10 | Input validation | Best Practices for validation | Validation techniques (Java) | Validation in applications: SO NOT! | Bean Validation in Web Applications | Regular expressions – Best Practices | Password policies | Storage (password) hashes | Privileged passwords
Module 4 – Widespread Attacks & Vulnerabilities
What is Cross Site Scripting? | Cross Site Scripting Introduction | Cross Site Scripting | Cross Site Scripting Exploit | XSS (diagram) | Countermeasures: Output Encoding | What is Phishing? | HTML Injection | Frames and iFrames | Frame Example | What is SQL Injection? | SQL Injection (1 = 1 attack) | SQL Injection (concatenation of expressions) | Using comments: logins without password | Using error messages | Other types of injection attacks | Command Injection | LDAP Injection | XPath Injection | Malicious files | XML Entity bomb | What is Cross Site Tracing? | HTTP Trace Example | Cross-site tracing exploit | What is Cross Site Request Forgery? | CSRF Basics | CSRF (chart) | URL Encoding | Path Traversal | What is Session Fixation? | Session Fixation Example | Countermeasures | What is direct object referencing? | Example 3-59 manipulation | The attack (Version 1) | Predictable Resource Location | Countermeasures | What is an information leak? | Examples: Incorrect error handling | Best Practices for cryptography | Random numbers and cryptography | Unaudited order and redirects | Countermeasures
Module 5 – Introduction to Automation for Security
IBM Rational AppScan | Acunetix | Nikto | Wikto | Google Web App Scanner | Advantages of Manual and Automated Security Testing