Advanced Web Application Security Philippines

 Advanced Web Application Security

This course introduces you to Web application security. It presents today's most critical Web application security vulnerabilities, as well as principles for secure coding and solutions for fixing such vulnerabilities. The course also introduces some best practices for taking Web application security into account during the Software Development Life-Cycle (SDLC). 

The speaker will explain and demonstrate the different exploitation techniques, in order to show the attendees the real risks related to these vulnerabilities.

Participants will be exposed to the common web application vulnerabilities, testing techniques and tools by a professional security tester.

Who Should Attend:

• Faculties

• System Administrators

• IT Managers

• Web developers

• Web managers

• Quality assurance personnel

• Interested individuals 

COURSE OUTLINE:  

1. 1.       Application Security Fundamentals and Principles 

• The evolution of applications
• Threats to an application
• Application security trends
• The spectrum of application security attacks 

1. 2.       Application Components and Protocols 

• Understanding multilayered application architecture
• Programming languages used in applications - J2EE, .NET, PHP, etc.
• Inside HTTP, HTML forms and browser interaction
• Introduction to tools useful for testing applications
• Web Server configuration
• Web server vulnerabilities
• Fingerprinting web servers and application servers
• Security controls pertaining to web servers and their deployment 

1. 3.       Application Footprinting, discovery and profiling applications 

• Host and Domain discovery
• Discovering web applications and interfaces
• Discovering the functional structure of applications - the hacker's viewpoint
• Advanced techniques - discovering Web services and Web applications
• Profiling Web services and applications
• Ajax fingerprinting
• Profiling Ajax applications
• Server-side entry point detection 

1. 4.       Application Attack Vectors 

• Mapping assets to attacks
• Sifting through HTML source
• Forcing application layer errors
• Information leakage through error messages
• Source code disclosure
• Input tampering and input validation attacks
• SQL injection and attacks on the database
• Injecting malicious code and remote command exec
• Accessing the underlying file system
• Brute forcing HTTP authentication
• Brute forcing HTML form authentication
• Session Hijacking
• Cross Site Scripting (XSS) attacks
• Cross Site Request Forgery (XSRF) attacks 

1. 5.       Threat Modelling 

• Threat analysis
• Architecture review
• Technologies and Source Code
• Threat matrix
• Security controls for code
• Design analysis and review 

1. 6.       Assessment methods 

1. 7.       Application Attack countermeasures 

1. 8.       An Introduction to Advanced Application Architectures 

1. 9.       Advanced Web attacks 

1. 10.    Securing Code and Defense 

1. 11.    XML and Web Services 

1. 12.    Web Fuzzing and Exploits 

1. 13.    Client side coding 

Seminar Package: Materials, Certificate, AM/PM and Lunch 

Duration: 1 Day (9:00 AM – 5:00 PM)  

Venue:  Unit 1110 Cityland Shaw Tower. St. Francis Street corner Shaw Blvd.  Mandaluyong City

If you have other concerns, please do not hesitate to contact us and we will be glad to assist you. 

REGISTER NOW

Limited Seats Only!

Please call us for reservation / inquiry

Tel.  (362)654.9537

Or text / call + 639 2610.69134

Look for Jud

judy@bitshieldsecurity.com