Certified Web Application Security Professional - PCI DSS, Firewall Rulebase Analysis, AuditPro, Firesec, Security Assessment and Audit Software for all versions of Operating Systems, Databases, Routers, Switches, Windows, Unix, Linux, Oracle, MS SQL, IBM DB2, Cisco PIX, Cyberguard, Netscreen, Checkpoint Firewalls, GFI Languard, in India, Mumbai, Hyderabad, Delhi, Bangalore, Chennai, Kolkatta, UAE, Dubai, Kuwait, Bahrain, Qatar, Saudi Arabia, Malaysia, Singapore, Thailand, Far East, USA, Europe, North America.

Quick Links

Training Curriculum

Training Calendar

About Us

e-Learning Curriculum

Certified Web Application Security Professional (CWASP)

The course is focused on a comprehensive coverage of web application security. It will present security guidelines and considerations in web applications development. The participants will learn the basics of application security, how to enforce security on a web application, Basics of Threat Modelling, Threat Profiling, OWASP Top Ten Testing, Black Box Testing, and Source Code Reviews.

Objectives of the course

Upon completion of this course, participants will be able to:

Understand the need for security
Understand the various security threats and countermeasures
Design and Develop secured web applications

Who should attend this training?

All web app developers, testers, designers who wish to improve their security skills
Developers and System Architects wishing to improve their security skills and awareness
Team Leaders and Project Managers
Security practitioners and managers
Auditors
Anyone interested in techniques for securing Web applications
QA analysts who want to learn the mechanics of Web applications for better testing

Course Contents

Session One: Introduction and Case Study

Module 1:Web Hacking Case Studies
Module 2:Business Risks from Application Vulnerabilities

Session Two: Web 2.0 Security

Module 3: What is Web 2.0?
Module 4: AJAX Vulnerabilities
Module 5: What are Web Services?
Module 6: Web Services Vulnerabilities

Session Three: Threat Modeling – Web Application Security Controls

Module 7: Application Security – An Overview
Module 8:Threat Modeling – Objectives
Module 9: Threat Modeling – Meaning and terminology
Module 10: Hacker’s Interest Area
Module 11: Threat Profiling
Module 12: Practical Considerations
Module 13: Case Study

Session Four: Introduction to web application vulnerabilities

Module 14: OWASP Top Ten
Module 15:OWASC List of Vulnerabilities

Session Five: Functional v/s Security testing

Module 16: What is Functional testing?
Module 17: What is Security testing?
Module 18: Differences
Module 19: Tools for Functional and Security testing

Session Six: Web application in-securities practical hands-on

Module 20: Demo of web vulnerabilities with insecure web applications.

Session Seven: Secure Coding Techniques

Module 21: Best Practices
Module 22: Secure J2EE Programming
Module 23: Secure .NET Programming
Module 24: Secure PHP Programming

Session Eight: Significant OWASP Projects

Module 25: OWASP Development Guide
Module 26: OWASP Testing Guide
Module 27: OWASP Code Review Guide

Session Nine: Flash Attacks

Session Ten: IFrame Attacks

Session Eleven: Continuous security testing and assessments

Module 28: Risk based approach
Module 29: Risks from Outsourcing
Module 30: Conducting VAPT, Source code audits, Infrastructure reviews