Module 1 : Introduction to Web Application Security
- Introduction to Web Applications
- Understanding Web Application Architecture
- HTTP Protocol Basics
- HTTP Attack Vectors
- HTTPS vs HTTP
- Introduction to VAPT
- Introduction to Application Security
- Application Security Risks
- Case Studies
Module 2 : OWASP Top 10
• Global Standards/Frameworks
  - SANS Top 25 Software Errors
  - WASC
  - NIST
  - OWASP
• What is OWASP
• Significant OWASP Projects
• OWASP Top 10
• The 'OWASP Top 10' for WebAppSec
  - A1 - Injection
  - A2 - Broken Authentication
  - A3 - Sensitive Data Exposure
  - A4 - XML External Entities (XXE)
  - A5 - Broken Access Control
  - A6 - Security Misconfiguration
  - A7 - Cross-Site Scripting (XSS)
  - A8 - Insecure Deserialization
  - A9 - Using Components with Known Vulnerabilities
  - A10 - Insufficient Logging & Monitoring
• Mitigations of OWASP Top 10
Module 3 : Modern Attacks on Web Applications
• CSRF
  - Understanding the vulnerability
  - Discovering the vulnerability
  - Attacking the issue
  - Impact & countermeasure
• SSRF
  - Understanding the vulnerability
  - Discovering the vulnerability
  - Attacking the issue
  - Impact & countermeasure
• Clickjacking
  - Understanding the vulnerability
  - Discovering the vulnerability
  - Attacking the issue
  - Impact & countermeasure
• SSTI
  - Understanding the vulnerability
  - Discovering the vulnerability
  - Attacking the issue
  - Impact & countermeasure
• XXE
  - Understanding the vulnerability
  - Discovering the vulnerability
  - Attacking the issue
  - Impact & countermeasure
Module 4 : Automated Approach to Vulnerability Assessment
• Web Application Scanners
  - Netsparker
  - Nessus
  - Acunetix
  - AppScan
  - WebInspect
  - Nexpose
• Profiling the Scans
• Interpreting Scanner Reports
• Open Source Tools and Testing Methodologies
Module 5 : API Security Testing
• API Security
  - Introduction to APIs & API Security
  - SOAP vs REST
  - Case Studies
  - Common API Vulnerabilities
• Core Toolset for API Testing
• Attacks on APIs
• API Assessment Approach
• Bot Defense for APIs
• How to Stop API Attacks?
Module 6 : Mitigation Strategy for Web Application Loopholes
• Common Mistakes in Development
• Security Best Practices for Web Application & API Security
• Secure SDLC
  - Threat Modelling
  - Source Code Review
  - VAPT
• Cloud Security
Module 7 : Cloud Introduction
• Introduction to Cloud
• Introduction to Virtualization
• Cloud Service Models
• Cloud Industry Standards
• Security Challenges
• Introduction to Cloud Vendors (AWS & Azure)
• Cloud Access Security Broker
Module 8 : Cloud Migration Challenges
• Cloud Breach Case Study
• Virtualization Security Issues
• Risk Assessment on Cloud Migration
• OWASP Top 10 Threats
• Planning Secure Migration
Module 9 : Cloud Infrastructure Security
• Cloud Configuration & Patch Management
• Cloud Change Management
• Cloud Infrastructure Audit (Intro, Audit, Best Practice)
  - AWS - VPC, EC2
  - Azure - ARM, NSG
• Demo - AWS CLI & PowerShell, Amazon and Azure portals
Module 10 : Cloud Data Security
• Data Protection (at rest, in transit, in use)
• Data Information Lifecycle
• Cloud Data Audit (Intro, Audit, Best Practice)
  - AWS - EBS, S3
  - Azure - SAS
• Demo - AWS CLI & PowerShell, Amazon and Azure portals
• Key Management
• Cloud Key Management Audit (Intro, Audit, Best Practice)
  - AWS - KMS
  - Azure - Azure Key Vault
• Demo - AWS CLI & PowerShell, Amazon and Azure portals
Module 11 : Identity and Access Management
• Introduction to Identity and Access Management
• Introduction to Federated Identity Management
• Case Study
• Cloud IAM Audit (Intro, Audit, Best Practice)
• Demo - AWS CLI & Amazon portal
Module 12 : Cloud Application Security
• Cloud Application Challenges
• OWASP Top 10
• Secure SDLC
• DevSecOps
• Introduction to CloudWatch, CloudTrail
• Security Automation - CloudTrail, CloudWatch, Lambda