Major Vulnerabilities in Web Application Security

Major Vulnerabilities in Web Application Security

This course is built as a detailed description with

hands-on experience of today’s most common vulnerabilities: from OWASP Top-10

2021. Trainees will learn methods of static (including SAST) and dynamic

(including DAST) identification and the reliable elimination of such

vulnerabilities.

Durată
24 ore
Tipul de curs
Pe net
Limba
Engleză
Articol
SECR-010
Durată
24 ore
Locație
Pe net
Limba
Engleză
Cod
SECR-010
Training pentru 7-8 sau mai multe persoane? Personalizați antrenamentele pentru nevoile dumneavoastră specifice
Major Vulnerabilities in Web Application Security
Durată
24 ore
Locație
Online
Limba
English
Cod
SECR-010
€ 650 *
Training pentru 7-8 sau mai multe persoane? Personalizați antrenamentele pentru nevoile dumneavoastră specifice

Descriere

This course has been developed by experts having over eight years of practical experience in Application Security. The knowledge to be transferred to trainees has been time and again tested in the field and forms a basis for safe application development. It offers a detailed description with hands-on experience of today’s most common vulnerabilities: from OWASP Top-10 2021.

Trainees will learn methods of static (including SAST) and dynamic (including DAST) identification and the reliable elimination of such vulnerabilities. They will also be provided with examples of code in various programming languages containing vulnerabilities, as well as “live” applications, which will help better understand the nature of vulnerabilities (and learn how to find them).

The

course includes numerous practical tasks and exit tests to check the acquired

knowledge.This course is built as a detailed description with

hands-on experience of today’s most common vulnerabilities: from OWASP Top-10

2021. Trainees will learn methods of static (including SAST) and dynamic

(including DAST) identification and the reliable elimination of such

vulnerabilities.

certificat
După finalizarea cursului, se eliberează un certificat
în formularul Luxoft Training

Obiective

Upon completion of training, students will be able to

avoid vulnerabilities of OWASP Top-10 and identify them using static and

dynamic methods in the existing code/configuration.

Public țintă

Middle+ Developers, Middle+ QA, Junior Security Engineers, and Web Application Architects.

Cerințe preliminare

Participants must be able to work with web browsers, read and write code for modern web applications, and understand the main principles of their operation: HTTP, Cookies, Proxies, etc.

Foaia de parcurs

  1. What is Application Security, why and how to use it (0,5 h)
  2. Overview of OWASP TOP 10 (0,5 h)
  3. A01 – Broken Access Control (1 h) + Practical tasks (2 h)
  4. A02 – Cryptographic Failures (1 h) + Practical tasks (1 h)
  5. A03 – Injection (2 h) + Practical tasks (1 h)
  6. A04 – Insecure Design (0.5 h) + Practical tasks (1 h)
  7. A05 – Security Misconfiguration (1 h) + Practical tasks (1 h)
  8. A06 – Vulnerable and Outdated Components (0,5 h) + Practical tasks (1 h)
  9. A07 – Identification and Authentication Failures (2 h) + Practical tasks (2 h)
  10. A08 – Software and Data Integrity Failures + Insecure Deserialization (1 h) + Practical tasks (1 h)
  11. A09 – Security Logging and Monitoring Failures (0,5 h) + Practical tasks (0,5 h)
  12. A10 – Server-Side Request Forgery (0,5 h) + Practical tasks (0,5 h)
  13. A8:2013- Cross-Site Request Forgery (CSRF) (1 h) + Practical tasks (1 h)
Mai ai întrebări?
Conectați-văcu noi