The prime objective of this training is to train professionals on the serious threats and vulnerabilities associated with web and API applications, which allows them to build and deploy testing processes in a secure way. Knowledge of the OWASP or SANS frameworks will help their organizations test applications and build secure and reliable software.

Course Content:

  • Why, What & How Web Application Security?

  • Introduction to Web Application Security

  • OWASP Testing Framework

  • Web Application Basics & Fundamentals

  • Information Gathering / Live Recon

  • Web Application Vulnerabilities Overview (OWASP Top 10, 2017 & 2021)

    • Injection
    • Broken Authentication & Session Management
    • Sensitive Data Exposure
    • XML External Entity (XXE)
    • Broken Access Control
    • Security Misconfigurations
    • Cross Site Scripting (XSS)
    • Insecure Deserialization
    • Using Components with Known Vulnerabilities
    • Insufficient Logging & Monitoring
    • Server Side Request Forgery (SSRF)
    • Cross Site Request Forgery (CSRF)

  • Tools Introduction (Open Source & Enterprise)

  • Scanning & Live Testing

  • API Pentesting (High Level – Tools, Methodology & Attacks)

  • Secure Code Review / SAST

  • Exploitation & Pentesting (Manual & Automated)

  • Mitigation Strategies & Best Practices

  • Course Resources (Videos, PPTs & Playgrounds for Hacking)