Major Vulnerabilities in Web Application Security

Major Vulnerabilities in Web Application Security

This course is built as a detailed description with

hands-on experience of today’s most common vulnerabilities: from OWASP Top-10

2021. Trainees will learn methods of static (including SAST) and dynamic

(including DAST) identification and the reliable elimination of such

vulnerabilities.

Продолжительность
24 часы
Course type
Онлайн
Мова
Англійська
Продолжительность
24 часы
Місцезнаходження
Онлайн
Мова
Англійська
Code
SECR-010
Training for 7-8 or more people? Customize trainings for your specific needs
Major Vulnerabilities in Web Application Security
Продолжительность
24 часы
Місцезнаходження
Online
Мова
English
Code
SECR-010
€ 650 *
Training for 7-8 or more people? Customize trainings for your specific needs

Description

This course has been developed by experts having over eight years of practical experience in Application Security. The knowledge to be transferred to trainees has been time and again tested in the field and forms a basis for safe application development. It offers a detailed description with hands-on experience of today’s most common vulnerabilities: from OWASP Top-10 2021.

Trainees will learn methods of static (including SAST) and dynamic (including DAST) identification and the reliable elimination of such vulnerabilities. They will also be provided with examples of code in various programming languages containing vulnerabilities, as well as “live” applications, which will help better understand the nature of vulnerabilities (and learn how to find them).

The

course includes numerous practical tasks and exit tests to check the acquired

knowledge.This course is built as a detailed description with

hands-on experience of today’s most common vulnerabilities: from OWASP Top-10

2021. Trainees will learn methods of static (including SAST) and dynamic

(including DAST) identification and the reliable elimination of such

vulnerabilities.

certificate
After completing the course, a certificate
is issued on the Luxoft Training form

Objectives

Upon completion of training, students will be able to

avoid vulnerabilities of OWASP Top-10 and identify them using static and

dynamic methods in the existing code/configuration.

Target Audience

Middle+ Developers, Middle+ QA, Junior Security Engineers, and Web Application Architects.

Prerequisites

Participants must be able to work with web browsers, read and write code for modern web applications, and understand the main principles of their operation: HTTP, Cookies, Proxies, etc.

Roadmap

  1. What is Application Security, why and how to use it (0,5 h)
  2. Overview of OWASP TOP 10 (0,5 h)
  3. A01 – Broken Access Control (1 h) + Practical tasks (2 h)
  4. A02 – Cryptographic Failures (1 h) + Practical tasks (1 h)
  5. A03 – Injection (2 h) + Practical tasks (1 h)
  6. A04 – Insecure Design (0.5 h) + Practical tasks (1 h)
  7. A05 – Security Misconfiguration (1 h) + Practical tasks (1 h)
  8. A06 – Vulnerable and Outdated Components (0,5 h) + Practical tasks (1 h)
  9. A07 – Identification and Authentication Failures (2 h) + Practical tasks (2 h)
  10. A08 – Software and Data Integrity Failures + Insecure Deserialization (1 h) + Practical tasks (1 h)
  11. A09 – Security Logging and Monitoring Failures (0,5 h) + Practical tasks (0,5 h)
  12. A10 – Server-Side Request Forgery (0,5 h) + Practical tasks (0,5 h)
  13. A8:2013- Cross-Site Request Forgery (CSRF) (1 h) + Practical tasks (1 h)
Залишилися запитання?
Зв'яжітьсяз нами