Major Vulnerabilities in Web Application Security

This course is built as a detailed description with hands-on experience of today’s most common vulnerabilities: from OWASP Top-10 2021. Trainees will learn methods of static (including SAST) and dynamic (including DAST) identification and the reliable elimination of such vulnerabilities.

Duration
24 hours
Course type
Online
Location
Online
Language
English
Code
SECR-010
Price
€ 650 *
Training for 7-8 or more people? Customize trainings for your specific needs

Description

This course has been developed by experts having over eight years of practical experience in Application Security. The knowledge to be transferred to trainees has been time and again tested in the field and forms a basis for safe application development. It offers a detailed description with hands-on experience of today’s most common vulnerabilities: from OWASP Top-10 2021.

Trainees will learn methods of static (including SAST) and dynamic (including DAST) identification and the reliable elimination of such vulnerabilities. They will also be provided with examples of code in various programming languages containing vulnerabilities, as well as “live” applications, which will help better understand the nature of vulnerabilities (and learn how to find them).

The course includes numerous practical tasks and exit tests to check the acquired knowledge.

Certificate
After completing the course, a certificate is issued on Luxoft Training letterhead

Objectives

Upon completion of training, students will be able to avoid vulnerabilities of OWASP Top-10 and identify them using static and dynamic methods in the existing code/configuration.

Target audience

Middle+ Developers, Middle+ QA, Junior Security Engineers, and Web Application Architects.

Prerequisites

Participants must be able to work with web browsers, read and write code for modern web applications, and understand the main principles of their operation: HTTP, Cookies, Proxies, etc.

Roadmap

  1. What is Application Security, why and how to use it (0.5 h)
  2. Overview of OWASP TOP 10 (0.5 h)
  3. A01 – Broken Access Control (1 h) + Practical tasks (2 h)
  4. A02 – Cryptographic Failures (1 h) + Practical tasks (1 h)
  5. A03 – Injection (2 h) + Practical tasks (1 h)
  6. A04 – Insecure Design (0.5 h) + Practical tasks (1 h)
  7. A05 – Security Misconfiguration (1 h) + Practical tasks (1 h)
  8. A06 – Vulnerable and Outdated Components (0.5 h) + Practical tasks (1 h)
  9. A07 – Identification and Authentication Failures (2 h) + Practical tasks (2 h)
  10. A08 – Software and Data Integrity Failures + Insecure Deserialization (1 h) + Practical tasks (1 h)
  11. A09 – Security Logging and Monitoring Failures (0.5 h) + Practical tasks (0.5 h)
  12. A10 – Server-Side Request Forgery (0.5 h) + Practical tasks (0.5 h)
  13. A8:2013 – Cross-Site Request Forgery (CSRF) (1 h) + Practical tasks (1 h)