Module 1 : Introduction to Web Application security
- Introduction to Web Applications.
- Understanding Web Application Architecture.
- HTTP Protocol Basics.
- HTTP Attack Vectors
- HTTPS vs HTTP.
- Introduction to VAPT.
- Introduction to Application Security.
- Application Security Risks.
- Case Studies.
Module 2 : OWASP Top 10
- • Global Standards/Frameworks.
- SANS Top 25 Software Errors
- WASC
- NIST
- OWASP
- • What is OWASP.
- • Significant OWASP Projects.
- • OWASP Top 10
- • The ‘OWASP Top 10’ for WebAppSec.
- A1-Injection
- A2-Broken Authentication
- A3-Sensitive Data Exposure
- A4-XML External Entities (XXE)
- A5-Broken Access Control
- A6-Security Misconfiguration
- A7-Cross-Site Scripting (XSS)
- A8-Insecure Deserialization
- A9-Using Components with Known Vulnerabilities
- A10- Insufficient Logging & Monitoring
- • Mitigations of OWASP Top 10.
Module 3 : Modern Attacks of Web Application
- • CSRF
- Understanding the vulnerability
- Discovering the vulnerability
- Attacking the Issue
- Impact & Countermeasure
- • SSRF
- Understanding the vulnerability
- Discovering the vulnerability
- Attacking the Issue
- Impact & Countermeasure
- • Clickjacking
- Understanding the vulnerability
- Discovering the vulnerability
- Attacking the Issue
- Impact & Countermeasure
- • SSTI
- Understanding the vulnerability
- Discovering the vulnerability
- Attacking the Issue
- Impact & Countermeasure
- • XXE
- Understanding the vulnerability
- Discovering the vulnerability
- Attacking the Issue
- Impact & Countermeasure
Module 4 : Automated approach of Vulnerability Assessment
- • Web Application Scanners.
- Netsparker
- Nessus
- Acunetix
- AppScan
- WebInspect
- NeXpose
- • Profiling the Scans
- • Interpreting Scanner Reports
- • Open source Tools and Testing Methodologies
Module 5 : API security Testing
- • API Security
- Introduction to API & API Security
- SOAP vs REST
- Case Studies
- Common API Vulnerabilities
- • Core Toolset for API Testing
- • Attacks on API
- • API Assessment Approach
- • Bot Defense for API
- • How to stop API Attacks?
Module 6 : Mitigation Strategy for Web Application loopholes
- • Common Mistakes in Development
- • Security Best Practices for Web Application & API Security
- • Secure SDLC
- Threat Modelling
- Source Code Review
- VAPT
- • Cloud Security
Module 7 : Cloud Introduction
- • Introduction to cloud
- • Introduction to virtualization
- • Cloud Service Models
- • Cloud Industry Standards
- • Security Challenges
- • Introduction to Cloud Vendors (Aws & Azure)
- • Cloud Access Security Broker
Module 8 : Cloud Migration Challenges
- • Cloud Breach Case Study
- • Virtualization security Issues
- • Risk Assessment on Cloud Migration
- • OWASP Top 10 Threats
- • Planning Secure Migration
Module 9 : Cloud Infrastructure Security
- • Cloud Configuration & Patch Management
- • Cloud Change management
- • Cloud Infrastructure Audit (Intro, Audit, Best Practice)
- Aws – VPC, EC2
- Azure - ARM, NSG
- • Demo- Aws cli & powershell & Amazon, Azure portal
Module 10 : Cloud Data Security
- • Data Protection (rest, at transit, in use)
- • Data Information lifecycle
- • Cloud Data Audit (Intro, Audit, Best Practice)
- Aws – EBS, S3
- Azure – SAS
- • Demo- Aws cli & powershell & Amazon, Azure portal
- • Key management
- • Cloud Key management Audit (Intro, Audit, Best Practice)
- Aws –KMS
- Azure – Azure Key Vault
- • Demo- Aws cli & powershell & Amazon, Azure portal
Module 11 : Identity and Access Management
- • Introduction to Identity and Access Management
- • Introduction to Federated Identity Management
- • Case Study
- • Cloud IAM Audit (Intro, Audit, Best Practice)
- • Demo- Aws Cli & Amazon portal
Module 12 : Cloud Application Security
- • Cloud Application Challenges
- • OWSAP Top 10
- • Secure SDLC
- • DevSecOps
- • Introduction to Cloud watch, Cloud Trail
- • Security automation – Cloud Trail, Cloud watch, Lambda
